Critically Vulnerable Open Source Code Found in COTS Apps

Video interview with Michael Sampson


On August 4, Osterman Research released a software supply chain study based on data collected by GrammaTech's CodeSentry software supply chain testing product. Analysis of that data found that 100 percent of the commercial applications that use open source components contain vulnerabilities within those components, and that 85 percent of the browser, email, file sharing, online meeting and messaging products tested had at least one critical vulnerability with a CVSS (Common Vulnerability Scoring System) score of 10.0, the highest possible.

In this video interview, Michael Sampson, Senior Analyst at Osterman Research and author of the report, discusses his findings and offers advice on how to avoid some of the pitfalls of open source.

A complete copy of the report is available here. GrammaTech and Osterman Research will also host a related webinar, Exposing Software Supply Chain Security Blind Spots, that reveals more research findings on Sep 15 at 2:00 pm EDT. Register here.
