Open source vulnerability under the microscope |
Thursday, 24 January 2008 01:00 |
Palamida has expanded the detection capabilities of its Vulnerability Reporting Solution to cover 431 open source security alerts, 148 of which are considered High-Severity Common Vulnerabilities and Exposures (CVEs), ranging from cross-site scripting and buffer overflows to SQL injection.

In addition, the company has published the Top 5 Most Overlooked Open Source Security Vulnerabilities found in enterprise audits during 2007, derived from an analysis of over 300 million lines of code across multiple verticals, including financial services, technology and government. The top vulnerabilities can be found here.

“Open source is inherently no more risky than commercial software,” said Mark Tolliver, CEO of Palamida. “The majority of open source projects provide a patched version to any issue within hours of discovery. Users of open source, however, need a way to quickly and accurately verify what components they are using and associate them with known vulnerabilities so they can retrieve updated versions. Without a mechanism in place to perform this function, organisations put themselves at risk for introducing security vulnerabilities into their code base.”