A new survey of 2,550 developers, architects and IT managers conducted by development tool vendor Sonatype found that only 32 percent of development teams keep track of the open source code they use in their projects. In addition, half of those surveyed said their companies did not have an open source policy.
According to Sonatype’s Charles Gold, failing to keep track of open source code means that the software those developers create could have security bugs. “Open-source software does not [prompt] users to update,” he noted. As a result, some applications continue to use older, flawed versions of the code even though updates are available.