Survey Raises Specter of Massive Enterprise Software Insecurity


Published: April 30, 2013 13:16

You're studiously virus checking your desktop systems, and all your server applications are running on platforms that are regularly updated. But what about the applications themselves -- are they secure?

Sonatype today released results of the annual Open Source Software Development Survey, which looks at the extent to which developers use open source components, with a particular focus on how they balance the competing needs of speed and security. Sonatype surveyed 3,500 people from more than 50 countries -- more than 85 percent of them developers -- to understand their approaches to assembling software. The results show the massive extent to which developers now rely on components: At least 80 percent of a typical Java application is now assembled from open source components and frameworks.

This has been the case for many years, but the survey illustrates well how fully the concept of assembling software from components, rather than writing code from scratch, has matured -- albeit with a focus mainly on Java components. The popularity of tools like Node Package Manager (npm), CPAN, and more recently PHP Composer suggests Sonatype's findings probably reflect a general trend independent of the language used. Ask any employable developer and they will tell you: Components are the way things get built.
