“Many organizations do not include their own copyright information on their software, making the task of determining [their] own IP against third-party and OSS content more difficult,” Koohgoli said.

In addition, Protecode found that open-source software containing security vulnerabilities were found in most portfolios.