Open source is fueling digital transformation

No Comments
digital transformation

Developer demand for open source increased 73 percent over the last year and in 2021 developers around the world will download more than 2.2 trillion open source packages from the top four ecosystems.

The latest Software Supply Chain Report from Sonatype shows a 20 percent increase in supply too, with the top four open source ecosystems now containing a combined 37,451,682 different versions of components.

Despite this huge choice though production apps are found to utilize only six percent of available projects.

However, this comes at the cost of a 650 percent increase in software supply chain attacks aimed at exploiting weaknesses in upstream open source ecosystems. The report finds that 29 percent of popular project versions contain at least one known security vulnerability. Conversely, only 6.5 percent of non-popular project versions do so, suggesting that security researchers -- both good and bad -- are focused on the most utilized projects.

"This year's State of the Software Supply Chain report demonstrates, yet again, how open source is both critical fuel for digital innovation and a ripe target for software supply chain attacks," says Matt Howard, EVP of Sonatype. "While developer demand for open source continues to grow exponentially, our research shows for the first time just how little of the overall supply is actually being utilized. Further, we now know that popular projects contain disproportionately more vulnerabilities. This stark reality highlights both a critical responsibility, and opportunity, for engineering leaders to embrace intelligent automation so they can standardize on the best open source suppliers and simultaneously help developers keep third-party libraries fresh and up to date with optimal versions."

Among other findings, commercial engineering teams only manage 25 percent of the components they use, leaving the majority of their open source dependencies stale and thus susceptible to increased security risks.

The findings also show that equipped with intelligent automation, a medium sized enterprise with 20 application development teams would save a total of 160 developer days a year, amounting to $192,000 a year.

The full report is available on the Sonatype site.

Photo Credit: Robert Kneschke/Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

AMD Ryzen PRO processors will boost Windows 11 business PCs with cutting-edge AI and security features

8 steps to secure your business during employee offboarding

Microsoft is modernizing the workplace -- but where does Copilot fit in?

The AI advantage: Navigating the future of procurement with Generative AI

Plugable launches new premium cables

Election year gives rise to global supply chain cyberthreats

Surfshark finally launches VPN app for Apple TV

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

60 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

17 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

15 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

Install the KB5035942 update for Windows 11 to gain all of the Moment 5 features right now

8 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.