2019 State of the Software Supply Chain Report

The growing demand for innovation has accelerated implementations of automated software development pipelines whilst driving open source consumption to new heights.

For the fifth anniversary of this report, Sonatype collaborated with Gene Kim from IT Revolution, and Dr. Stephen Magill from Galois and MuseDev. Researchers examined and documented release patterns and cybersecurity hygiene practices across 36,000 open source project teams and 3.7 million open source component releases.

A few key findings:

  • 71% increase in Open Source related breaches over the past five years
  • Top 5% of projects remediate security vulnerabilities within 21 days
  • Exemplary projects are 3.4x faster at remediating known vulnerabilities
  • Exemplary Dev teams are 12x more likely to have automated tools to manage open source dependencies, and Secure Dev Practices are 9.3x more likely to proactively remove troublesome dependencies

For more key trends and best practices exhibited by exemplary open source software projects or commercial application development teams, download the report now.