<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[2026 Open Source Security and Risk Analysis Report – Software Governance in the AI Era – Black Duck Software, Inc.]]></title><description><![CDATA[<p dir="auto"><a href="https://www.blackduck.com/content/dam/black-duck/en-us/reports/rep-ossra.pdf" rel="nofollow ugc">https://www.blackduck.com/content/dam/black-duck/en-us/reports/rep-ossra.pdf</a></p>
<blockquote>
<p dir="auto">The “Open Source Security and Risk Analysis” (OSSRA) report has been the industry’s definitive look at the state of open source code for a decade. Each year, we analyze anonymized findings from commercial codebases audited by the Black Duck Audit Services team, and this provides an unmatched, real-world view of how open source is used—and sometimes misused—across every major industry. This year’s findings document a pivotal moment: The explosion of AI-assisted development has fundamentally altered the risk landscape for software and the baseline for compliance with new regulatory initiatives such as the EU Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA).</p>
</blockquote>
<p dir="auto">PDF, 44 pages.</p>
<h2>Context</h2>
<p dir="auto"><a href="https://billboard.bsd.cafe/topic/220/open-source-organisations-weigh-in-on-age-attestation">Open source organisations weigh in on age attestation</a></p>
<h3>Availability</h3>
<p dir="auto"><a href="https://www.reddit.com/r/freebsd/comments/1tu5ezw/comment/opgthoe/" rel="nofollow ugc">Noted on Reddit</a>:</p>
<blockquote>
<p dir="auto">… easily found with Google – without completing Black Duck's form, which requires a business email address:</p>
<ul>
<li><a href="https://www.google.com/search?q=%222026+Open+Source+Security+and+Risk+Analysis+Report%22+PDF&amp;udm=14" rel="nofollow ugc">https://www.google.com/search?q="2026+Open+Source+Security+and+Risk+Analysis+Report"+PDF&amp;udm=14</a></li>
</ul>
<p dir="auto">…</p>
</blockquote>
]]></description><link>https://billboard.bsd.cafe/topic/221/2026-open-source-security-and-risk-analysis-report-software-governance-in-the-ai-era-black-duck-software-inc.</link><generator>RSS for Node</generator><lastBuildDate>Wed, 03 Jun 2026 10:35:14 GMT</lastBuildDate><atom:link href="https://billboard.bsd.cafe/topic/221.rss" rel="self" type="application/rss+xml"/><pubDate>Wed, 03 Jun 2026 07:08:04 GMT</pubDate><ttl>60</ttl></channel></rss>