Recently, Tidelift published the results of our 2018 survey of professional open source users and maintainers. There are several surprising findings in there, but one that didn’t surprise me a bit was that professional developers reported 92% of their applications contain open source libraries. In fact, more than two thirds of survey respondents said that 100% of their applications make use of at least some open source dependencies.
I spend most of my time talking to professional engineering and product teams, which is why this finding is no shocker to me. For the modern software organization, using open source components is not just the best way—it’s the only way.
Open source is amazing. Yet, as with all good things, there are some tradeoffs. Many open source projects are dependent on each other, yet there is no single organization out there ensuring that all of the pieces play well together. Issues related to cross-package maintenance, security, and licensing from different projects tend to crop up when you least expect them.
What we’re doing about it at Tidelift
At Tidelift, we work to ensure development teams have open source software they can depend on. We know from data and experience that, in order to understand the risks and opportunities in open source, you first need to understand your current dependencies.
Starting this week, we are offering professional software teams the ability to sign up for a 20-minute open source software assessment from one of our open source specialists.
In this assessment you will learn:
- Which dependencies have identified security vulnerabilities
- Which dependencies are deprecated or unmaintained
- Which dependencies have missing or non-compliant licenses
- How direct and transitive dependencies impact your production projects
Ready to take the first step? Request an assessment for your organization.