Open source is powerful, and the best developers in the world use it, but it's time to stop ignoring the security concerns and start tracking the dependencies in your software.
In a survey by BlackDuck software, 43 percent of the respondents said they believe that open-source software is superior to its commercial equivalent. We all know that we can't stop using open source, and we know that no one wants to stop using it. In today's software development environment, an enormous amount of work is crowdsourced to a large community of open-source developers and communities with very little understanding of the security problems that this creates, let alone ways to manage this risk. Did you know that u p to 90 percent of an application typically consists of third-party components, mostly open source? And did you know that more than 50 percent of the Global 500 use vulnerable open-source components?
