Sonatype unveiled its eighth annual State of the Software Supply Chain Report which, in addition to a massive surge in open source supply, demand, and malicious attacks, found that 96% of open source Java downloads with known-vulnerabilities could have been avoided because a better version was available, but was ignored. According to the report, this means 1.2 billion known-vulnerable dependencies that could be avoided are being downloaded every month, pointing to non-optimal consumption behaviors as … More
The post Consumer behaviors are the root of open source risk appeared first on Help Net Security.
This article has been indexed from Help Net Security
Read the original article: