From banking, to manufacturing, to healthcare, to entertainment; companies capable of delivering innovative software applications are disrupting established players and gaining share in every industry.
To survive and compete effectively, CEOs and shareholders are placing intense pressure upon IT leaders to accelerate the pace of software innovation. In response, organizations are hiring armies of software developers, consuming unprecedented amounts of open source components, and equipping teams with next generation and cloud-native tools designed to automate and optimize
the entire software development lifecycle.
In this world, speed is critical, open source is everywhere, and security concerns are sometimes relegated to the back seat — which is why we’re once again examining the state of the open source software supply chain. Like previous reports, the 2018 State of the Software Supply Chain Report blends a broad set of public and proprietary data with expert research and analysis.
Key findings in this year’s report include:Open source vulnerabilities increased 120% YoY and their mean time to exploit compressed by 93.5%.
- Public vulnerability databases lack information on more than 1.3 million open source security advisories.
- Suspected or known open source breaches increased 55% YoY.
- DevOps teams are 90% more likely to comply with open source governance when policies are automated.
- Managing software supply chains through automated OSS governance reduces the presence of vulnerabilities by 50%.
- Government regulation across the United States and Europe hints at software liability on the horizon.
Download the full report: