Open source is getting a lot of play in the mainstream press lately. Just last week, White Source released the findings of a study that explored the complexity and difficulty in managing the dependencies within an open source application.
- The average software project contains 64 open source dependencies, and an average of 8 different open source licenses.
- 37% of all open source components depend on other open source libraries. On average, each of these has 9 dependencies and 3 different open source licenses.
- 91% of open source projects contain indirect dependencies.
- 64% of open source projects were subject to indirect licenses, due to dependencies.
- 65% of open source components were subject to additional licenses, due to dependencies.
- The most complex software project had 1917 open source dependencies.
- Most projects were subject to multiple licenses, with the maximum recorded at 26 licenses.
- 27% of all projects were subject to more than 10 different licenses.
- 58% of all projects were subject to more than 5 different licenses.
These findings confirm an industry trend in open source application security: the dependency trees of open source applications are getting extremely complex and difficult to manage, and each indirect dependency can pull in a license the project never chose directly.
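To make the "indirect dependency" and "indirect license" figures concrete, here is an added example (not code from White Source or from the study) that does what a software composition analysis tool does at its simplest: walk a project's dependency graph, separate direct from transitive dependencies, collect every license the project is exposed to, and report which licenses arrive only through indirect dependencies, with the path that brought them in. The component names, licenses and the denied-license policy are constructed for illustration.

```python
"""Constructed example: transitive dependency and license exposure of a project.

The dependency graph below is made up; each entry maps a component to its
declared license and the components it depends on directly.
"""
from collections import deque

# Constructed sample graph: component -> (license, direct dependencies)
COMPONENTS = {
    "app":           ("Proprietary",  ["web-framework", "json-lib"]),
    "web-framework": ("MIT",          ["http-parser", "logger"]),
    "json-lib":      ("Apache-2.0",   []),
    "http-parser":   ("BSD-3-Clause", ["string-utils"]),
    "logger":        ("GPL-3.0",      ["string-utils"]),
    "string-utils":  ("MIT",          []),
}

# Constructed policy: licenses this hypothetical project does not accept
DENIED_LICENSES = {"GPL-3.0"}


def transitive_dependencies(root, components):
    """Return (direct, indirect, parent) for root.

    direct   - components root lists itself
    indirect - everything else reachable through the graph
    parent   - first-seen parent of each reachable component (BFS tree),
               used to reconstruct the path that introduced it
    """
    direct = set(components[root][1])
    parent = {dep: root for dep in direct}
    seen = set()
    queue = deque(direct)
    while queue:
        name = queue.popleft()
        if name in seen:
            continue
        seen.add(name)
        # Unknown components (not in the inventory) are treated as leaves
        for dep in components.get(name, (None, []))[1]:
            if dep not in seen and dep not in parent:
                parent[dep] = name
                queue.append(dep)
    return direct, seen - direct, parent


def dependency_path(name, parent, root):
    """Walk parent pointers back to root, returning the chain root -> name."""
    path = [name]
    while path[-1] != root:
        path.append(parent[path[-1]])
    return list(reversed(path))


def license_exposure(root, components):
    """Summarise how many dependencies and licenses root is subject to."""
    direct, indirect, _ = transitive_dependencies(root, components)
    direct_licenses = {components[d][0] for d in direct if d in components}
    indirect_licenses = {components[d][0] for d in indirect if d in components}
    return {
        "direct_count": len(direct),
        "indirect_count": len(indirect),
        "licenses": sorted(direct_licenses | indirect_licenses),
        # licenses the project is subject to only because of transitive deps
        "indirect_only_licenses": sorted(indirect_licenses - direct_licenses),
    }


def policy_violations(root, components, denied):
    """Map each component carrying a denied license to the path that pulled it in."""
    direct, indirect, parent = transitive_dependencies(root, components)
    violations = {}
    for name in direct | indirect:
        if name in components and components[name][0] in denied:
            violations[name] = dependency_path(name, parent, root)
    return violations


if __name__ == "__main__":
    print(license_exposure("app", COMPONENTS))
    for comp, path in policy_violations("app", COMPONENTS, DENIED_LICENSES).items():
        print(f"{comp}: denied license via {' -> '.join(path)}")
```

On the constructed graph, `app` declares only two dependencies under MIT and Apache-2.0, yet it is transitively subject to four licenses, and the GPL-3.0 component `logger` arrives through `web-framework`, which is exactly the kind of indirect exposure the study is measuring. A real inventory would come from a lockfile or SBOM rather than a hand-written dictionary, and the BFS keeps the first path found to each component, so cycles or duplicate references are handled without infinite loops.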
You can read the full results of the report here.