Modern application development is largely accomplished by assembling Free and Open Source (FOSS) components. How do you know if you're using open source and if your applications are at risk?

Over 9 billion components will be downloaded this year from the Sonatype Central Repository, representing a fundamental shift from "writing" to "assembling" applications.
Three thousand (3000) respondents to Sonatype's 2013 OSS Software Survey reported that at least 80% of their applications are composed of components. In a related Aspect Security 2012 study, researchers scrutinized over 113 million downloads of 31 popular open source components, frameworks, and security libraries from the Central Repository. These were downloaded by over 60,000 organizations, including most of the Global 100. They found that 26% of these downloads were of components with known vulnerabilities. Because most modern applications have dozens or hundreds of libraries, this research showed that the probability of having at least one vulnerability in your application due to a known insecure library is over 95%.

This major shift to component assembly is driving the need for much more sophisticated component management. The need to have visibility and governance across a highly complex ecosystem of components and development environments has created a challenge that current application security tools can't manage. A new breed of management tool is needed – one that takes more inspiration from the manufacturing supply chain than from traditional application security "problem discovery" tools. And for this new breed of solution to be effective, it can't be an afterthought and it can't slow developers down. It is these principles that inspired Sonatype's creation of an entirely new approach to application security, one that secures all components throughout the software lifecycle while making it easier for developers to continue their rapidly increasing pace of development.