Computer Weekly

Virtually all vulnerable open source downloads are avoidable

Open source consumers are downloading about 1.2 billion known vulnerable Java dependencies every month, and whether out of lack of attention, ignorance, stress and overwork or something else, 96% of ...
InfoWorld

Report finds few open source projects actively maintained

Sonatype’s annual software supply chain analysis finds open source project maintenance in decline, while 1 in 8 open source downloads have a known risk. A recent analysis accounting for nearly 1.2 ...
Financial Post

Sonatype's 8th Annual State of the Software Supply Chain Report Finds 96% of Known-Vulnerable Open Source Downloads Are Avoidable

New Data Shows 1.2 Billion Known-Vulnerable Java Dependencies Are Consumed Each Month, Revealing Open Source Consumers As Primary Source of Risk According to the report, this means 1.2 billion ...