June 2019


Today there is likely no software project without some form of external libraries, dependencies, open source or whatever you want to call it. But how do you make sure you import healthy dependencies, which do not introduce vulnerabilities and risk into your software? The explosion of open source The amount of open source or other third party code used in a software project is often estimated as 60-90% of the total codebase. The total number of public repositories exceed 100M in 2018 according to GitHub. According to our own findings, practically all companies developing software use open source, third party components or dependencies to varying degrees. Let’s call them dependencies from now. More often than not, hundreds of dependencies are used. This adds a new dimension to software development in that security issues in such code will affect the products in similar ways as issues in the in-house developed code.…