Software supply chain management vendor Sonatype has conducted a review of 1,500 applications that were built using open source components and found that on average, each application inherited 24 severe or critical security vulnerabilities from those components. Making matters worse, when those bugs were fixed in the open source code, developers updated their applications with the fixes only 41 percent of the time with a mean time-to-repair of 390 days.
Sonatype manages one of the largest public repositories of open source Java components. It says that 100,000 organizations used the Central Repository last year and that it served 17.2 billion download requests for 217,000 different components.
Charlie has over a decade of experience in website administration and technology management. As the site admin, he oversees all technical aspects of running a high-traffic online platform, ensuring optimal performance, security, and user experience.
