Sixty-seven percent of applications reviewed by Black Duck Software for its “State of Open Source Security in Commercial Applications” report contained known open source security vulnerabilities. And, making matters worse, companies don’t have a handle on how much open source they’re using.