It’s no secret... developers use open source software.

Still, there are questions around how it should be managed—and for good reason. Here’s why:

  • Open source components are not created equal. Some ship with vulnerabilities from the start, while others are sound when adopted and go bad over time as new vulnerabilities are discovered in them.
  • Usage has become more complex. With tens of billions of downloads, it is increasingly difficult to keep track of the libraries and direct dependencies you consume.
  • Transitive dependencies: if you use a dependency manager such as Maven (Java), Bower (JavaScript) or Bundler (Ruby), each direct dependency automatically pulls in its own dependencies, and theirs in turn. These are components you never chose and may never have reviewed, yet they ship in your build, which is a liability you cannot afford.
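The transitive-dependency point above is easiest to see on a resolved dependency graph. The following added example, which is not code from the original article or from any vendor's product, walks a constructed lockfile-style graph, separates direct from transitive dependencies, and reports the path by which each flagged package entered the build. The package names, the `RESOLVED` graph and the `KNOWN_BAD` advisory list are all made up for illustration; the advisory is hypothetical and describes no real vulnerability.

```python
"""Enumerate transitive dependencies and show how each one entered the build."""
from collections import deque

# Constructed resolved-dependency graph, shaped like a lockfile:
# package -> packages it requires. Names are invented for this example.
RESOLVED = {
    "app": ["web-framework", "http-client"],
    "web-framework": ["template-engine", "logging-core"],
    "http-client": ["logging-core", "tls-shim"],
    "template-engine": ["string-utils"],
    "logging-core": [],
    "tls-shim": ["string-utils"],
    "string-utils": [],
}

# Constructed advisory list: package -> note. Hypothetical, not a real advisory.
KNOWN_BAD = {"string-utils": "hypothetical advisory: unsafe formatting"}


def transitive_closure(graph, root):
    """Return {package: path_from_root} for every package reachable from root.

    Breadth-first, so each recorded path is a shortest chain from the root.
    Every node is visited at most once, so cyclic graphs still terminate.
    """
    paths = {}
    queue = deque([(root, [root])])
    while queue:
        name, path = queue.popleft()
        for dep in graph.get(name, []):
            if dep in paths or dep == root:
                continue
            paths[dep] = path + [dep]
            queue.append((dep, paths[dep]))
    return paths


def classify(graph, root):
    """Split everything reachable from root into direct and transitive sets."""
    direct = set(graph.get(root, []))
    paths = transitive_closure(graph, root)
    transitive = {name for name in paths if name not in direct}
    return direct, transitive, paths


def flagged(graph, root, advisories):
    """Return [(package, path, note)] for reachable packages with an advisory."""
    paths = transitive_closure(graph, root)
    return [(name, paths[name], advisories[name])
            for name in sorted(paths) if name in advisories]


if __name__ == "__main__":
    direct, transitive, _ = classify(RESOLVED, "app")
    print("direct:", sorted(direct))
    print("transitive:", sorted(transitive))
    for name, path, note in flagged(RESOLVED, "app", KNOWN_BAD):
        print(f"{name}: {note}")
        print("  via " + " -> ".join(path))
```

In this constructed graph the flagged package is four hops from the application and is never named in its own manifest; only the recorded path tells you which direct dependency (here `web-framework`) to upgrade or replace to remove it. The same closure walk applies to any resolved manifest once it is loaded into the `package -> dependencies` shape.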