WhiteSource Announces Open Source Usage Practices Survey
The survey uncovers how CTOs and R&D Managers are managing the use of open source libraries by their developers
WhiteSource, leading provider of automated tools for open source license compliance and security management, today announced the Open Source Usage Practices Survey. The survey is one of several studies aimed at fostering proper use of open source.
βAs more companies use open source components to boost productivity, it becomes important to properly manage open source inventory and adoption processes. Specifically, to avoid legal risks, it is critical to ensure compliance with open source licenses. Further, since open source libraries become an integral part of any software product, it is mandatory to update open source libraries to fix security vulnerabilities and other bugs,β said Rami Sass, CEO of WhiteSource.
In previous research, WhiteSource identified some interesting findings regarding common use of open source. Specifically, that
- Most developersΒ do not track properly all dependencies of open source libraries, and as a result may miss when a dependency comes under a different license.
- Open source suffers from similar rate of security vulnerabilities and defects as any other code. Open source communities are usually faster to fix vulnerabilities, but users are updating less frequently.Β About 23% of projects contained open source with known vulnerability, despite the fact that a more recent version was available.
About Mend.io
Mend.io is a leading application security solution that helps organizations fix less and reduce risk faster. Built for both AI-driven and modern development workflows, Mend.io gives teams visibility into all code β human-written, AI-generated, open source, third-party and container components β and helps them prioritize and remediate the risks that matter most.
