Slashdot Mirror


The Percentage of Open Source Code in Proprietary Apps is Rising (helpnetsecurity.com)

Zeljka Zorz, writing for Help Net Security: The number of open source components in the codebase of proprietary applications keeps rising and with it the risk of those apps being compromised by attackers leveraging vulnerabilities in them, a recent report has shown. Compiled after examining the findings from the anonymized data of over 1,100 commercial codebases audited in 2017 by the Black Duck On-Demand audit services group, the report revealed two interesting findings:

96 percent of the scanned applications contain open source components, with an average 257 components per application.

The average percentage of open source in the codebases of the applications scanned grew from 36% last year to 57%, suggesting that a large number of applications now contain much more open source than proprietary code.


  1. Re:"average 257 components per application." by Anonymous Coward · Score: 0, Flamebait

    Maybe you should look into "dependency hell", a new special hell for applications written in the last year or two, where 10-20 libraries are to be obsoleted in 1-3 years?

    Or maybe "license hell", with developers with absolutely NO CLUE as to whether licenses are rightfully obtained or not, this year or next year, under what conditions.

    Or "security hell"... Ok, leave that to your imagination, if you have one. No you do not have one, but we'll leave you to it!