There are plenty of metrics that hint at the popularity of open source components, such as GitHub stars and downloads, but they don't paint the full picture of how those components are actually used in production codebases.
Census III of Free and Open Source Software: Application Libraries draws on more than 12 million data points from software composition analysis (SCA) and application security tools such as Black Duck, FOSSA, Snyk, and Sonatype, which have been deployed at more than 10,000 companies.
The extensive report highlights the shift toward memory-safe programming, with Rust adoption surging. From a security perspective, it points to the continued reliance on Python 2, as well as the lack of standardized naming for components, which increases the risk of dependency confusion and malicious package injection.
Produced by The Linux Foundation in partnership with the Open Source Security Foundation (OpenSSF) and Harvard, the report follows two earlier installments in 2015 and 2020, respectively. The latest one is available for download now.