Our State of the Software Supply Chain Report has just been released. Over the past year, we’ve amassed a great deal of data with respect to the staggering volume and variety of open source components flowing through software supply chains into development environments. This year, we assessed behaviors across 3,000 organizations and performed deep analysis on more than 25,000 applications.
The results we discovered ranged from staggering to surprising to sobering. For example, we measured organizations consuming an average of 229,000 components annually. The good news is, these components help companies accelerate their development and innovation. At the same time, we saw 6.8% of components used in applications marked with at least one known security vulnerability — adding high levels of security debt. Not all components are created equal.
The 2016 State of the Software Supply Chain Report blends public and proprietary data with expert research and analysis to reveal the following:
- Developers are gorging on an ever-expanding supply of open source components. Billions of open source components were downloaded in the last year.
- Vast networks of open source component suppliers are growing rapidly. Over 10,000 new versions of open source components are introduced daily.
- The massive variety and volume of software components vary widely in quality: 1 in 16 components includes a known security defect.
- Top performing enterprises, federal regulators and industry associations have embraced the principles of software supply chain automation to improve the safety, quality, and security of software.
We invite you to read the report and leverage the insights to understand how your organization’s practices compare to others. Then, let us know what you think @sonatype.
If you would like to join a live discussion on this year’s report, please join us on Wednesday, July 13th. Save your seat here.