Analyzing the Impact of Open Source Dependencies

There are a few factors driving the increased use of open source—digital transformation, competitive pressures, and innovation, to name a few. All valid. What I want to talk about, however, is the role dependencies play in the growing volume of open source now found in companies of every size and industry.

In most cases, developers can freely choose whatever open source components they want and integrate them into their software. At the same time, they may be unaware of how many open source libraries they are actually pulling in, because each chosen component brings its own dependencies with it.

Each year Revenera’s audit practice analyzes the last 12 to 15 audit projects of the year. Before each audit, the organization is asked how much third-party content it believes is in its code. Once the audit is complete, using open source scanning coupled with manual analysis, a full picture of what is actually being used is generated. Interestingly, the level of initial disclosure has been relatively flat; measured against the average number of items found in an audit, it is actually going down in percentage terms. Meanwhile, the overall third-party composition of codebases has grown substantially.
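To make the gap between what an organization declares and what dependency resolution actually finds concrete, here is an added Python example (not from the original article or from Revenera's tooling) that walks a constructed, placeholder dependency graph and reports how much of the resolved set was disclosed up front:

```python
"""Declared vs. resolved open source components, as an added illustration."""
from collections import deque

# Constructed sample graph: each package maps to the packages it pulls in.
# Names are placeholders, not a real project's dependency tree.
DEPENDENCY_GRAPH = {
    "app": ["web-framework", "json-parser"],
    "web-framework": ["http-core", "template-engine"],
    "http-core": ["io-utils"],
    "template-engine": ["io-utils", "string-utils"],
    "json-parser": ["string-utils"],
    "io-utils": [],
    "string-utils": [],
}


def direct_dependencies(graph, root):
    """Components the developer consciously chose (declared on the root)."""
    return set(graph.get(root, []))


def resolve_transitively(graph, root):
    """Breadth-first walk returning every package reachable from root.

    The seen-set guards against cycles, which real package graphs do contain.
    """
    seen = set()
    queue = deque(graph.get(root, []))
    while queue:
        name = queue.popleft()
        if name in seen:
            continue
        seen.add(name)
        queue.extend(graph.get(name, []))
    return seen


def disclosure_gap(graph, root, disclosed):
    """Compare an organization's disclosed components with what resolution finds.

    Returns (found_total, undisclosed_set, disclosed_share_percent).
    """
    found = resolve_transitively(graph, root)
    disclosed = set(disclosed) & found
    share = 100.0 * len(disclosed) / len(found) if found else 100.0
    return len(found), found - disclosed, round(share, 1)


if __name__ == "__main__":
    declared = direct_dependencies(DEPENDENCY_GRAPH, "app")
    total, hidden, pct = disclosure_gap(DEPENDENCY_GRAPH, "app", declared)
    print(f"declared {len(declared)}, found {total}, undisclosed {sorted(hidden)}, share {pct}%")
```

In this constructed case only the two direct choices are disclosed, yet resolution finds six components, so the disclosed share is a third of what is actually shipped.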

Read the full article here.
