85% of Software Projects Include Out-of-Date Open Source

White Source says that 85% of all software projects loaded to its lifecycle management service by new customers had some out-of-date open source components. The firm says that, in response, it proactively alerts customers whenever new versions, which patch bugs and security issues, are available. Altogether, 14% of all libraries in use are out of date.

The suggested reason for this shortfall and disparity is that most software developers lack the tools (or the motivation) to continuously monitor new releases of the open source components they use. White Source provides a service that automatically alerts customers whenever open source modules in their "inventory" are updated.

From a security perspective, open source software is openly available for hackers to analyze and identify vulnerabilities. Further, while security issues are often fixed quickly by the community, these updates also reveal the security issue being addressed, increasing the exposure of those who have not patched their systems accordingly.

To address this issue, the White Source Open Source Lifecycle Management service sets out to provide customers with real-time proactive alerts whenever a new version is available for an open source module they use. Importantly, the alerts are limited and specific for a given customer and a given project, eliminating unnecessary sifting work.

According to White Source CEO Rami Sass, "White Source does not alert falsely or unnecessarily since our project-specific inventory is always updated through our integration with development tools. We currently provide plug-ins for Apache Maven and Ant, Jenkins, JetBrains TeamCity, Red Hat OpenShift, and JFrog Artifactory."

The firm says that its objective is to reduce the burden currently placed on rank-and-file developers, while providing decision-makers with the tools to understand the legal, business, and technical risks of specific open source libraries, and to comply with their licensing requirements.
