
C003 — H3:


Statement: The figures are from the OSSRA report but the 107% year-over-year increase primarily reflects expansion of vulnerability databases (more CVEs catalogued, more components tracked) rather than actual degradation of codebase security practices.

Supporting Evidence Would Show

  • Year-over-year growth in the NVD/CVE database showing comparable or larger increases in catalogued vulnerabilities.
  • Evidence that OSSRA expanded its component detection methodology between report years.
  • Analysis showing the growth in detected vulnerabilities correlates more with database expansion than with changes in codebase composition.

Eliminating Evidence Would Show

  • Evidence that vulnerability database growth was modest (<20%) while per-codebase detections grew 107%.
  • Analysis showing the increase is driven by actual increases in outdated/vulnerable dependencies.
  • OSSRA methodology documentation showing consistent detection methodology across years.
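The "analysis" called for in both lists above (supporting: growth tracks database expansion; eliminating: growth tracks real change in dependencies) is the same measurement run with the sign read either way, so one worked method serves both. The example below is added here and is not code from the OSSRA report or from this page. It rescans a fixed set of codebases against two snapshots of a vulnerability database: holding the codebases constant and swapping the database isolates the database effect, holding the database constant and swapping the codebases isolates the composition effect. Because the two interact (a newly added component may only be flagged by the newer database), each effect is computed in both orders and averaged, a two-factor Shapley split. The database snapshots, advisory IDs and codebases are all constructed for illustration; "ADV-nnnn" are placeholders, not real CVEs, and "libalpha" and friends are not real packages.

```python
"""Controlled re-scan: how much of a rise in detections per codebase is
explained by vulnerability-database growth versus codebase composition?
Added example with constructed data; not the OSSRA methodology."""

# Constructed database snapshots: "name@version" -> set of advisory IDs.
DB_YEAR1 = {
    "libalpha@1.0": {"ADV-0001"},
    "libbeta@2.3": {"ADV-0002"},
}
DB_YEAR2 = {
    "libalpha@1.0": {"ADV-0001", "ADV-0010"},  # second advisory catalogued
    "libbeta@2.3": {"ADV-0002"},
    "libgamma@0.9": {"ADV-0011"},              # component newly covered
    "libdelta@4.1": {"ADV-0012"},              # component newly covered
}

# Constructed codebases: name -> list of "name@version" components.
CODEBASES_YEAR1 = {
    "app-a": ["libalpha@1.0", "libbeta@2.3", "libgamma@0.9"],
    "app-b": ["libbeta@2.3", "libepsilon@7.0"],
}
CODEBASES_YEAR2 = {
    "app-a": ["libalpha@1.0", "libbeta@2.3", "libgamma@0.9", "libdelta@4.1"],
    "app-b": ["libbeta@2.3", "libdelta@4.1", "libepsilon@7.0"],
}


def detections_per_codebase(codebases, db, metric="components"):
    """Mean detections per codebase.

    metric="components": components with at least one matching advisory.
    metric="advisories": distinct advisory IDs matched across the codebase.
    """
    per_codebase = []
    for comps in codebases.values():
        if metric == "components":
            per_codebase.append(sum(1 for c in comps if db.get(c)))
        elif metric == "advisories":
            matched = set().union(*(db.get(c, set()) for c in comps))
            per_codebase.append(len(matched))
        else:
            raise ValueError(f"unknown metric: {metric}")
    return sum(per_codebase) / len(per_codebase)


def decompose_growth(cb1, cb2, db1, db2, metric="components"):
    """Split year-over-year growth in detections into a database effect and
    a composition effect. The two effects sum exactly to the observed change."""
    def f(cb, db):
        return detections_per_codebase(cb, db, metric)

    base, observed = f(cb1, db1), f(cb2, db2)
    # Order 1: swap the database first, then the codebases.
    db_first = f(cb1, db2) - base
    comp_after_db = observed - f(cb1, db2)
    # Order 2: swap the codebases first, then the database.
    comp_first = f(cb2, db1) - base
    db_after_comp = observed - f(cb2, db1)
    # Average over both orders so the interaction term is shared fairly.
    db_effect = (db_first + db_after_comp) / 2
    comp_effect = (comp_first + comp_after_db) / 2
    total = observed - base
    return {
        "base": base,
        "observed": observed,
        "growth_pct": 100.0 * total / base,
        "db_effect": db_effect,
        "composition_effect": comp_effect,
        "db_share": db_effect / total if total else 0.0,
    }


if __name__ == "__main__":
    for m in ("components", "advisories"):
        r = decompose_growth(CODEBASES_YEAR1, CODEBASES_YEAR2, DB_YEAR1, DB_YEAR2, m)
        print(m, {k: round(v, 3) for k, v in r.items()})
```

On the constructed data the per-codebase count of vulnerable components doubles (100% growth) with two thirds of the rise attributable to the database and one third to composition; counting distinct advisories instead, the database share is three quarters. Run against real report inputs, the hypothesis above predicts a db_share near 1; the eliminating bullets predict it near 0. The two metrics are worth reporting separately because "more CVEs catalogued" inflates the advisory count on components already flagged, while "more components tracked" is what moves the component count, and a report may be quoting either.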
