WhiteSource: 85% of Software Projects Include Some Out of Date Open Source Libraries
WhiteSource proactively alerts whenever new versions are available, patching bugs and security issues.
WhiteSource, the leading provider of Open Source Lifecycle Management solutions, revealed today that 85% of all software projects loaded to its service by new customers contained at least one out-of-date open source component. Altogether, 14% of all libraries in use are out of date. These findings represent substantial risks to both software vendors and their customers, since patches are usually released in response to major bugs or security vulnerabilities. The most likely cause is that most software developers lack the tools, and often the motivation, to continuously monitor new releases of the open source components they use. WhiteSource provides a service that automatically alerts customers whenever open source modules in their “inventory” are updated.
In today’s business climate, using open source software components as part of the development of new products is imperative. From a security perspective, however, open source code is equally available for attackers to analyze in search of vulnerabilities. While security issues are often fixed quickly by the community, the fix itself publicly reveals the issue being addressed, which further increases the exposure of anyone who has not yet patched their systems. To maintain high security standards, software developers must continuously watch for new updates and patch as soon as updates are released. Frequent updates of open source modules are also beneficial for bug fixes, performance improvements, and functional enhancements.
Unfortunately, development teams often pay attention to open source only when they are actively developing new functionality or when customers complain. Once the development task is accomplished, typically no one is tasked with continuously monitoring updates to the open source components in use. As a result, developers rarely notice an available update unless a defect reported by their users prompts them to look.
In recent research conducted by WhiteSource on projects first loaded to its service by new customers, the following was found:
- 85% of software projects loaded to WhiteSource relied on at least one open source library that was out of date.
- On average, 14% of all open source libraries across all projects and all customers were out of date.
To address this issue, the WhiteSource Open Source Lifecycle Management service provides its customers with real-time proactive alerts whenever a new version is available for an open source module they use. Importantly, the alerts are scoped to a given customer and a given project, eliminating unnecessary sifting through irrelevant notifications.
“Using the most updated open source version substantially reduces business and technical risks. Current versions fix crucial bugs, performance issues, and security vulnerabilities, and often contain additional functionality,” said WhiteSource CEO Rami Sass. “WhiteSource alerts users promptly and automatically whenever new open source patches are released, saving developers’ time and eradicating out-of-date open source libraries that endanger the organization and its customers. WhiteSource does not alert falsely or unnecessarily since our project-specific inventory is always updated through our integration with the development tools. We currently provide plug-ins for Apache Maven and Ant, Jenkins, JetBrains TeamCity, Red Hat OpenShift, and JFrog Artifactory.”
WhiteSource provides a comprehensive, simple to use, and affordable solution for companies that need to manage their open source assets and ensure license compliance and control. WhiteSource automates the business processes necessary to adopt, manage, and update open source components. It reduces the burden currently placed on rank-and-file developers, while providing decision makers with the tools to understand the legal, business, and technical risks of specific open source libraries and to comply with their licensing requirements. Developers, managers, and legal counsel use WhiteSource’s cloud-based SaaS solution to conveniently manage the software development lifecycle.
WhiteSource offers a free service that includes all basic open source license management and control functions, as well as Premium and Enterprise subscriptions.

About Mend.io
Mend.io offers the first AI native application security platform, empowering organizations to build and run a proactive AppSec program tuned for AI powered development. The unified platform secures AI generated code and embedded AI components, drives risk reduction through AI powered remediation, automates compliance, and provides a holistic enterprise scale view of risks and clear actions for developers across your entire codebase.