1 in 16 Java Components Have Security Defects


A new report from Sonatype analyzes the volume and variety of Java components in the ecosystems of over 25,000 developers and 3,000 organizations.


Sonatype just released its second annual State of the Software Supply Chain Report. Over the past year, researchers amassed a great deal of data on the staggering volume and variety of Java (as well as NuGet, RubyGems, and npm) open source components flowing through software supply chains into development environments. This year, the report assessed behaviors across 3,000 organizations and performed deep analysis on over 25,000 applications.

The results we discovered ranged from staggering to surprising to sobering.  For example, researchers measured organizations consuming an average of 229,000 components annually.  The good news is, these components help companies accelerate their development and innovation.  At the same time, we saw 6.8% of components used in applications marked with at least one known security vulnerability — adding high levels of security debt.  Not all components are created equal.


In the past year, Sonatype was far from the only organization pursuing improved software supply chain practices. The researchers studied the patterns and practices exhibited by high-performance organizations and documented how these innovators are applying the principles of software supply chain automation to manage the massive flow and variety of open source components. These organizations are striving to consistently deliver higher quality applications for less, while lowering their risk profile. This year’s report profiles organizations across the banking, insurance, defense, energy, technology, and government sectors.

The 2016 State of the Software Supply Chain Report blends public and proprietary data with expert research and analysis to reveal the following:

  • Developers are gorging on an ever-expanding supply of open source components. Billions of open source components were downloaded in the last year.
  • Vast networks of open source component suppliers are growing rapidly. Over 1,000 new open source projects and 10,000 new versions of open source components are introduced daily.
  • The massive variety and volume of software components varies widely in quality. 1 in 16 parts include a known security defect.
  • Top performing enterprises, federal regulators, and industry associations have embraced the principles of software supply chain automation to improve the safety, quality, and security of software.

If you are developing with Java or other open source components, we invite you to read the report and leverage the insights to understand how your organization’s practices compare to others. 

If you would like to join a live discussion on this year's report, you can hear from the research team on Wednesday, July 13th. Save your seat here.

