The Minefield of Open Source: Research and Guidance for Seeing Clearly, Keeping Current, and Staying Secure

Did you know that 8.4% of open source Java library releases contain known vulnerabilities? This increases to 23% when you consider only the most popular and most used projects. Navigating this minefield to keep applications secure can be a challenge.

In this talk, we share insights from our 2021 software supply chain research, which characterizes this risk for various languages and offers guidance for how teams can:

• Choose components that help minimize their risks
• Adopt practices that help them quickly discover and remediate security issues
• Become more efficient and innovative developers