Open source is getting a lot of play in the mainstream press lately. Just last week, White Source released the findings of a study that explored the complexity and difficulty in managing the dependencies within an open source application.

    • The average software project contains 64 open source dependencies, and an average of 8 different open source licenses.
    • 37% of all open source components depend on other open source libraries. On average, each of these has 9 dependencies and 3 different open source licenses.
    • 91% of open source projects contain indirect dependencies.
    • 64% of open source projects were subject to indirect licenses, due to dependencies.
    • 65% of open source components were subject to additional licenses, due to dependencies.
    • The most complex software project had 1917 open source dependencies.
    • Most projects were subject to multiple licenses, with the maximum recorded at 26 licenses.
    • 27% of all projects were subject to more than 10 different licenses.
    • 58% of all projects were subject to more than 5 different licenses.

These findings confirm an industry trend in open source application security: the dependency graphs of open source applications are becoming extremely complex and difficult to manage, and the licenses a project is subject to increasingly arrive through dependencies it never chose directly.
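To make the "indirect licenses" statistic concrete, here is an added example (not from the report or from White Source) that walks a small, constructed dependency graph, separates direct from transitive dependencies, and reports which licenses reach the project only through indirect dependencies. The package names and licenses are made up for illustration.

```python
# Constructed dependency graph: package -> packages it depends on (not a real project).
DEPS = {
    "myapp": ["web-framework", "json-lib"],
    "web-framework": ["http-parser", "template-engine"],
    "json-lib": [],
    "http-parser": ["unicode-tables"],
    "template-engine": ["unicode-tables"],
    "unicode-tables": [],
}

# Constructed license per package (hypothetical values).
LICENSES = {
    "myapp": "Proprietary",
    "web-framework": "MIT",
    "json-lib": "Apache-2.0",
    "http-parser": "BSD-3-Clause",
    "template-engine": "GPL-3.0-only",
    "unicode-tables": "Unicode-DFS-2016",
}


def resolve(root, deps):
    """Return (direct, indirect) sets of dependencies reachable from root.

    A depth-first walk with a visited set, so diamond dependencies and
    cycles are handled without double counting or looping.
    """
    direct = set(deps.get(root, []))
    seen, stack = set(), list(direct)
    while stack:
        pkg = stack.pop()
        if pkg in seen:
            continue
        seen.add(pkg)
        stack.extend(deps.get(pkg, []))
    seen.discard(root)  # ignore a cycle back to the root itself
    return direct, seen - direct


def license_exposure(root, deps, licenses):
    """Summarise how many licenses the project inherits, and which ones
    it is exposed to only via indirect dependencies."""
    direct, indirect = resolve(root, deps)
    direct_lic = {licenses[p] for p in direct}
    all_lic = {licenses[p] for p in direct | indirect}
    return {
        "direct_count": len(direct),
        "indirect_count": len(indirect),
        "licenses": sorted(all_lic),
        "indirect_only_licenses": sorted(all_lic - direct_lic),
    }


if __name__ == "__main__":
    print(license_exposure("myapp", DEPS, LICENSES))
```

In this toy graph the project declares only two dependencies under two licenses, yet it is subject to five licenses in total, three of which arrive only indirectly; a real lockfile or SBOM can be fed to the same walk.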


You can read the full results of the report here.