State of Dependency Management 2023
As modern software trends toward distributed architectures, microservices, and extensive use of third party and open source components, dependency management only gets harder. Our latest report explores emerging trends that software organizations need to consider as part of their security strategy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Contributors and Reviewers
Kathy Wang,
CISO, Discord
CISO, Discord
Talha Tariq,
CISO, Hashicorp
CISO, Hashicorp
Anshu Gupta,
VP Security, Fast
VP Security, Fast
Niall Browne, CISO,
Palo Alto Networks
Palo Alto Networks
Maarten Van Horenbeeck,
CISO, Adobe
CISO, Adobe
Yassir Abousselham,
CISO, UiPath
CISO, UiPath
Selim Aissi,
CISO, Blackhawk Network
CISO, Blackhawk Network
Jonathan Meadows
MD Cybersecurity, Citi
MD Cybersecurity, Citi
Ody Lupescu,
VP Security, Ethos
VP Security, Ethos
Clint Maples,
CISO, Robert Half
CISO, Robert Half
Justin Dolly,
CSO, Sauce Labs
CSO, Sauce Labs
Arkadiy Goykhberg,
CISO, Branch Insurance
CISO, Branch Insurance
Gerhard Eschelbeck,
CISO, Kodiak Robotics
CISO, Kodiak Robotics
Colin Anderson,
CISO, Ceridian
CISO, Ceridian
Ralph Pyne,
CISO, Apollo.io
CISO, Apollo.io
Rachit Lohani,
CTO, Paylocity
CTO, Paylocity
- AI and LLM caused an explosion of OSS - 70% of packages using OpenAI's APIs are brand new packages.
- AI does not replace AppSec engineers - Current LLM technologies have a low precision rate of less than 10% when analyzing malware.
- 55% of applications have calls to security sensitive APIs in their code base, but that rises to 95% when dependencies are included.
- 71% of typical Java application code is from open source components, yet apps use only 12% of imported code.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get the full report!
