Packages are reused 2.7 times on average within the same Open-Source Project
The Data
Based on Lineaje AI Labs research, the majority of vulnerabilities in open source are not fixed by open-source developers. Lineaje AI Labs analyzed 121,443 open-source projects and discovered 118,573 vulnerabilities in them. The saving grace is that vulnerabilities are not evenly distributed across dependencies.
The Implication
Inherited Vulnerabilities: With packages being reused multiple times within a single project, a single compromised package must be patched separately for each instance in which the component appears.
Direct vs Transitive: The same dependency may exist as both a direct component and a transitive component, necessitating different patching approaches for each.
Reachability: The reuse of packages within a project can lead to intricate dependency chains. Reachability analysis has to consider every usage path of the same package, not just the first one found.
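The following added example (not Lineaje's tooling or data) illustrates the three implications above on a constructed dependency graph for a hypothetical project called "app". It enumerates every path from the project root to each package, so that a package pulled in along several paths is counted once per inclusion site, flags whether each package is direct, transitive, or both, and lists the paths that must all be covered when a fix for one package lands. The package names and the graph are assumptions made up for the illustration.

```python
"""Count how many times each package is pulled into one project's
dependency graph, and classify each occurrence as direct or transitive."""
from collections import defaultdict

# Constructed dependency graph of a hypothetical project "app" (not real
# packages). Keys are packages, values are the packages they depend on.
# "libxyz" appears as a direct dependency and again transitively through
# two other packages, so it is reused three times inside one project.
DEPS = {
    "app":           ["web-framework", "libxyz", "json-parser"],
    "web-framework": ["http-client", "libxyz"],
    "http-client":   ["libxyz", "tls-lib"],
    "json-parser":   [],
    "libxyz":        [],
    "tls-lib":       [],
}


def dependency_paths(deps, root):
    """Return every root-to-package path, keyed by package.

    A package reached along n distinct paths counts as n instances,
    because each inclusion site must be patched separately."""
    paths = defaultdict(list)

    def walk(node, path, seen):
        for child in deps.get(node, []):
            if child in seen:          # guard against cycles in the graph
                continue
            new_path = path + [child]
            paths[child].append(new_path)
            walk(child, new_path, seen | {child})

    walk(root, [root], {root})
    return dict(paths)


def reuse_report(deps, root):
    """Per-package instance count plus direct/transitive classification."""
    report = {}
    for pkg, pkg_paths in dependency_paths(deps, root).items():
        report[pkg] = {
            "instances": len(pkg_paths),
            # a path of length 2 is root -> pkg, i.e. a direct dependency
            "direct": any(len(p) == 2 for p in pkg_paths),
            "transitive": any(len(p) > 2 for p in pkg_paths),
            "paths": [" -> ".join(p) for p in pkg_paths],
        }
    return report


def average_reuse(report):
    """Mean number of inclusion sites per distinct package."""
    return sum(r["instances"] for r in report.values()) / len(report)


def patch_sites(report, vulnerable_pkg):
    """Every inclusion path that needs attention once vulnerable_pkg has a fix;
    reachability analysis has to consider each of them, not only the first."""
    return report.get(vulnerable_pkg, {}).get("paths", [])


if __name__ == "__main__":
    rep = reuse_report(DEPS, "app")
    for pkg, info in sorted(rep.items()):
        kind = "direct+transitive" if info["direct"] and info["transitive"] \
            else ("direct" if info["direct"] else "transitive")
        print(f"{pkg:14} instances={info['instances']} ({kind})")
    print(f"average reuse: {average_reuse(rep):.2f}")
    print("patch sites for libxyz:")
    for p in patch_sites(rep, "libxyz"):
        print("  ", p)
```

Run against a real project, the input graph would come from a lockfile or SBOM; the point the output makes is that "libxyz" shows up once as a direct dependency (fixable by bumping the project's own manifest) and twice transitively (fixable only by updating or overriding the intermediate packages), which is exactly why one vulnerable package can need several different patching approaches inside a single project.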