Synopsys

Open source licenses: No license, no problem? Or ... not?

In 2019, the Black Duck® Audit Services team audited 1,253 codebases to identify open source components, their associated licenses, security vulnerabilities, and overall community activity. Our Audit Services team has extensive experience in not only identifying open source licenses, but also researching the more than 2,700 license permutations that exist in the open source world. But what happens when an open source component has no license at all?

BSIMM11 tracks top trends in market activity

If you want to stay current, you have to keep up with what’s trending, no matter if it’s politics, healthcare, education, finance, or entertainment. Or software security, which in a connected world is behind everything on that list above. Software isn’t just important, it’s essential. The world as we know it wouldn’t function or even exist without it.

BSIMM11: Tracking the cutting edge of software security initiatives

The Building Security In Maturity Model (BSIMM)—the annual report on the evolution of software security initiatives (SSIs)—is gaining some maturity itself. The latest report, which went public this week, is the 11th iteration. Some things haven’t changed. The fundamental goal remains what it was at the start, more than a decade ago.