Fulton, MD, 11-Jul-2016 — /EPR SOFTWARE NEWS/ — Sonatype, the leader in software supply chain automation, today announced the release of its second annual State of the Software Supply Chain report. Based on the analysis of 31 billion download requests of open source software components from the Central Repository, which is managed by Sonatype, the report provides insight into the software supply chain practices from 3,000 development organizations and also includes software component analysis of 25,000 applications.
Key findings from the report include:
Supply and demand have never been greater
- The number of open source component download requests increased dramatically to 31 billion in 2015 from 17 billion in 2014, an 82 percent increase year-over-year.
- 10,000 new component versions are introduced daily across development ecosystems.
Component sourcing practices are inefficient and software vulnerabilities are pervasive
- Enterprises download more than 229,000 components annually, but, on average, only 5,000 component downloads are unique.
- Open source components vary widely in terms of quality, and 6.1 percent of downloads (1-in-16 components) include a known security defect.
Organizations struggle with vulnerable parts
- Data from 25,000 applications demonstrates that 6.8 percent of components in use had at least one known security defect, revealing that downloads of poor quality components are making their way into production.
- Parts age and grow stale quickly. Older components (age 2+ years) used in applications are disproportionately less healthy and are three times more likely to contain vulnerabilities.
Industry is taking action
Top performing enterprises, federal regulators and industry associations have embraced the principles of software supply chain automation to improve the safety, quality and security of software.