
It’s no secret... developers use open source software.

Still, there are questions around how it should be managed—and for good reason. Here’s why:

  • Open source components are not created equal. Some are vulnerable from the start, while others go bad over time.
  • Usage has become more complex. With tens of billions of downloads, it’s increasingly difficult to manage libraries and direct dependencies.
  • Transitive dependencies: if you are using dependency management tools like Maven (Java), Bower (JavaScript), Bundler (Ruby), etc., then you are automatically pulling in third-party dependencies—a liability that you can’t afford.
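To make the third point concrete, here is an added example (not code from the original page or from any of the tools it names) that walks a small dependency graph and separates what a project declares directly from what arrives transitively, recording which direct dependency drags each transitive component in. The graph, its Maven-style coordinates and the versions are all constructed for illustration; in practice the same walk would be run over the output of a real resolver such as `mvn dependency:tree` or a lockfile.

```python
from collections import deque

# Constructed dependency graph for illustration only. Keys and values use
# Maven-style group:artifact:version coordinates; none are real releases.
# Each key maps to the dependencies that component itself declares.
CONSTRUCTED_GRAPH = {
    "com.example:app:1.0": ["org.example:web:2.1", "org.example:json:3.0"],
    "org.example:web:2.1": ["org.example:http:1.4", "org.example:json:3.0"],
    "org.example:http:1.4": ["org.example:io:0.9"],
    "org.example:json:3.0": ["org.example:io:0.9"],
    "org.example:io:0.9": [],
}


def inventory(graph, root):
    """Breadth-first walk from each direct dependency of `root`.

    Returns {component: set(direct dependencies through which it is reached)}.
    A component missing from `graph` is treated as a leaf so an incomplete
    graph still yields a full inventory of what was reachable.
    """
    result = {}
    for direct_dep in graph.get(root, []):
        seen = set()
        queue = deque([direct_dep])
        while queue:
            component = queue.popleft()
            if component in seen:
                continue
            seen.add(component)
            result.setdefault(component, set()).add(direct_dep)
            queue.extend(graph.get(component, []))
    return result


def split_dependencies(graph, root):
    """Return (direct, transitive) for `root`.

    `direct` is the set the project declares itself; `transitive` maps each
    component the project never declared to the direct dependencies that
    pull it in, which is the information needed to decide where a fix or
    an exclusion has to be applied.
    """
    direct = set(graph.get(root, []))
    reachable = inventory(graph, root)
    transitive = {c: via for c, via in reachable.items() if c not in direct}
    return direct, transitive


def report(graph, root):
    """Human-readable summary of the declared-versus-inherited footprint."""
    direct, transitive = split_dependencies(graph, root)
    lines = [f"{root}: {len(direct)} direct, {len(transitive)} transitive"]
    for component, via in sorted(transitive.items()):
        lines.append(f"  {component} <- via {', '.join(sorted(via))}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(CONSTRUCTED_GRAPH, "com.example:app:1.0"))
```

Even in this tiny graph the project only declares two components but ships four, and `org.example:io:0.9` arrives through both direct dependencies, so excluding it from one of them would not remove it. That provenance is what a dependency-management review needs before deciding whether to upgrade, exclude, or replace a component.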