WhiteSource Announces Open Source Usage Practices Survey
The survey uncovers how CTOs and R&D Managers are managing the use of open source libraries by their developers
WhiteSource, leading provider of automated tools for open source license compliance and security management, today announced the Open Source Usage Practices Survey. The survey is one of several studies aimed at fostering proper use of open source.
“As more companies use open source components to boost productivity, it becomes important to properly manage open source inventory and adoption processes. Specifically, to avoid legal risks, it is critical to ensure compliance with open source licenses. Further, since open source libraries become an integral part of any software product, it is mandatory to update open source libraries to fix security vulnerabilities and other bugs,” said Rami Sass, CEO of WhiteSource.
In previous research, WhiteSource identified some interesting findings regarding common use of open source. Specifically, that
- Most developers do not track properly all dependencies of open source libraries, and as a result may miss when a dependency comes under a different license.
- Open source suffers from similar rate of security vulnerabilities and defects as any other code. Open source communities are usually faster to fix vulnerabilities, but users are updating less frequently. About 23% of projects contained open source with known vulnerability, despite the fact that a more recent version was available.
About Mend.io
Mend.io offers the first AI native application security platform, empowering organizations to build and run a proactive AppSec program tuned for AI powered development. The unified platform secures AI generated code and embedded AI components, drives risk reduction through AI powered remediation, automates compliance, and provides a holistic enterprise scale view of risks and clear actions for developers across your entire codebase.
