WhiteSource Announces Open Source Usage Practices Survey
The survey uncovers how CTOs and R&D Managers are managing the use of open source libraries by their developers
WhiteSource, leading provider of automated tools for open source license compliance and security management, today announced the Open Source Usage Practices Survey. The survey is one of several studies aimed at fostering proper use of open source.
βAs more companies use open source components to boost productivity, it becomes important to properly manage open source inventory and adoption processes. Specifically, to avoid legal risks, it is critical to ensure compliance with open source licenses. Further, since open source libraries become an integral part of any software product, it is mandatory to update open source libraries to fix security vulnerabilities and other bugs,β said Rami Sass, CEO of WhiteSource.
In previous research, WhiteSource identified some interesting findings regarding common use of open source. Specifically, that
- Most developersΒ do not track properly all dependencies of open source libraries, and as a result may miss when a dependency comes under a different license.
- Open source suffers from similar rate of security vulnerabilities and defects as any other code. Open source communities are usually faster to fix vulnerabilities, but users are updating less frequently.Β About 23% of projects contained open source with known vulnerability, despite the fact that a more recent version was available.
About Mend.io
Mend.io is built for every risk, across AI and AppSec. By securing the code layer and the AI layerβand the interactions between them, where modern application risk now livesβMend.io extends proven AppSec workflows to the models, prompts, and agents inside today’s applications, delivering continuous protection across the entire AI application lifecycle.