1 in 16 Java Components Have Security Defects

A new report from Sonatype analyzes the volume and variety of Java components in the ecosystems of over 25,000 developers and 3,000 organizations.

By Derek Weeks · Jul. 11, 16 · Java Zone · News


Sonatype just released its 2nd annual State of the Software Supply Chain Report. Over the past year, researchers amassed a great deal of data with respect to the staggering volume and variety of Java (as well as NuGet, RubyGems, npm) open source components flowing through software supply chains into development environments. This year, the report assessed behaviors across 3,000 organizations and performed deep analysis on over 25,000 applications.

The results we discovered ranged from staggering to surprising to sobering.  For example, researchers measured organizations consuming an average of 229,000 components annually.  The good news is, these components help companies accelerate their development and innovation.  At the same time, we saw 6.8% of components used in applications marked with at least one known security vulnerability — adding high levels of security debt.  Not all components are created equal.


In the past year, Sonatype was far from the only organization pursuing improved software supply chain practices. The researchers studied the patterns and practices exhibited by high-performance organizations and documented how these innovators are applying the principles of software supply chain automation to manage the massive flow and variety of open source components. These organizations are striving to consistently deliver higher quality applications for less, while lowering their risk profile. This year’s report profiles organizations across banking, insurance, defense, energy, technology, and government sectors.

The 2016 State of the Software Supply Chain Report blends public and proprietary data with expert research and analysis to reveal the following:

  • Developers are gorging on an ever-expanding supply of open source components. Billions of open source components were downloaded in the last year.
  • Vast networks of open source component suppliers are growing rapidly. Over 1,000 new open source projects and 10,000 new versions of open source components are introduced daily.
  • The massive variety and volume of software components vary widely in quality. 1 in 16 parts include a known security defect.
  • Top performing enterprises, federal regulators and industry associations have embraced the principles of software supply chain automation to improve the safety, quality, and security of software.

If you are developing with Java or other open source components, we invite you to read the report and leverage the insights to understand how your organization’s practices compare to others. 

If you would like to join a live discussion on this year's report, you can hear from the research team on Wednesday, July 13th. Save your seat here.
