<https://www.theregister.co.uk/2020/05/12/open_source_bugs/> The good news: commercial adoption of Open Source is on the up: ... almost all (99 per cent) of the codebases examined have at least one open source component and that 70 per cent of the code overall is open source. That's about twice as much as the company's 2015 report, which found only 36 per cent of audited code was open source. The bad news: the companies concerned seem to have few or no procedures in place for keeping those open-source components up to date: Ninety-one percent of the audited applications had components that are either four years out of date or have exhibited no active development for two years. In 2019 – the time-period covered by the 2020 report – the percentage of codebases containing vulnerable components rose to 75 per cent, up from 60 per cent in 2018. They also seem to be a little bit careless about the legalities: The Synopsys report also found that 68 per cent of codebases exhibited an open source license conflict and that 33 per cent of them had no identifiable license.