It’s no secret… developers use open-source software.
Still, there are questions around how it should be managed—and for good reason. Here’s why:
- Open source components are not created equal. Some are vulnerable from the start, while others go bad over time.
- Usage has become more complex. With tens of billions of downloads, it’s increasingly difficult to manage libraries and direct dependencies.
- Transitive dependencies: if you use dependency management tools such as Maven (Java), Bower (JavaScript), or Bundler (Ruby), you automatically pull in the third-party dependencies of your dependencies, components your code never referenced directly—a liability that you can’t afford.