Dive Brief:
- The software supply chain is booming, and enterprises are increasingly turning to open source and third-party software components to reduce the amount of code they have to write, which accelerates deployment cycles, according to Sonatype’s 2016 State of the Software Supply Chain report released Monday.
- In 2015, developers made 31 billion download requests for open source and third-party software components, up from 17 billion requests the year before, according to analysis of the Central Repository, which is managed by Sonatype.
- The average enterprise downloaded 229,000 open source components in 2015, but many of those components aged and became stale quickly, which can lead to increased security vulnerabilities, licensing risks or component rework, according to the report.
Dive Insight:
More and more, companies are turning to the open source development community to supplement internal efforts, even though inherent security risks can linger. From Exxon to the U.S. Federal Trade Commission, enterprises, federal regulators and industry associations alike are starting to rely on automation to help improve the safety, quality and security of outside software components, according to the study.
Relying on third-party and open source software components can cut the time it takes companies to deliver applications, potentially saving in-house developers hundreds of hours. Between 80% and 90% of a modern application consists of component parts, according to the study, which drastically reduces the amount of code written from scratch.
"By failing to effectively manage their software supply chain, we have found that software development organizations are taking on significant technical debt that is completely avoidable," Sonatype CEO Wayne Jackson said in a statement. "Hours invested managing service interruptions and security breaches could otherwise be spent adding value for their companies and customers."
But relying on outside development is not without its drawbacks. Looking at 25,000 applications, the study found that 6.8% of the components had at least one security defect. Those flawed parts can then find their way into enterprise applications. Older software components in particular can be security risks, accounting for 77% of known vulnerabilities.
Open source software is already starting to dominate enterprises, offering companies advantages in cost, control and innovation. But companies need to remain strategic in their use of outside development, because flaws can persist. Like Sonatype, Black Duck Software also found multiple flaws in open source components, discovering that 67% of the 200 commercial applications it reviewed over a six-month period contained vulnerable open source components.
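The automated checks the report credits enterprises with adopting come down to two questions per component: how old is the version in use, and is it below a known fixed version? The script below is an added illustration, not Sonatype's or Black Duck's tooling; the manifest, the advisory table, the evaluation date and the one-year staleness threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Constructed inventory: (component, version, release date of that version).
# Component names and advisories below are hypothetical, not real projects.
MANIFEST = [
    ("acme-json",   (1, 4, 2), date(2015, 11, 3)),
    ("acme-http",   (2, 0, 1), date(2013, 2, 14)),
    ("acme-xml",    (3, 7, 0), date(2014, 6, 30)),
    ("acme-crypto", (0, 9, 8), date(2015, 8, 1)),
    ("acme-auth",   (1, 2, 0), date(2016, 3, 1)),
]
# Constructed advisories: component -> first fixed version; anything below is affected.
ADVISORIES = {"acme-http": (2, 1, 0), "acme-xml": (3, 7, 1),
              "acme-crypto": (0, 9, 8), "acme-auth": (1, 2, 1)}
TODAY = date(2016, 6, 20)      # assumption: evaluation date
STALE_AFTER_DAYS = 365         # assumption: older than a year counts as stale

@dataclass
class Finding:
    name: str
    version: str
    age_days: int
    stale: bool
    vulnerable: bool

def assess(manifest, advisories, today=TODAY, stale_after_days=STALE_AFTER_DAYS):
    """One Finding per component; a version equal to the fixed version is clean."""
    findings = []
    for name, version, released in manifest:
        age = (today - released).days
        fixed = advisories.get(name)
        findings.append(Finding(name, ".".join(map(str, version)), age,
                                age > stale_after_days,
                                fixed is not None and version < fixed))
    return findings

def summarize(findings):
    """Share of components with a known defect, and how many of those are also stale."""
    vulnerable = [f for f in findings if f.vulnerable]
    stale_vuln = [f for f in vulnerable if f.stale]
    return {
        "total": len(findings),
        "vulnerable_pct": round(100 * len(vulnerable) / len(findings), 1),
        "stale_share_of_vulnerable_pct": (round(100 * len(stale_vuln) / len(vulnerable), 1)
                                         if vulnerable else 0.0),
    }

if __name__ == "__main__":
    for f in assess(MANIFEST, ADVISORIES):
        print(f"{f.name:12} {f.version:7} {f.age_days:5}d stale={f.stale} vuln={f.vulnerable}")
    print(summarize(assess(MANIFEST, ADVISORIES)))
```

On the constructed data, three of five components carry a known defect and two of those three are also more than a year old, which is the age-to-defect relationship the report's 77% figure points at.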