
State of Dependency Management 2023

As modern software trends toward distributed architectures, microservices, and extensive use of third-party and open source components, dependency management only gets harder. Our latest report explores emerging trends that software organizations need to consider as part of their security strategy.


Contributors and Reviewers

Kathy Wang, CISO, Discord
Talha Tariq, CISO, HashiCorp
Anshu Gupta, VP Security, Fast
Niall Browne, CISO, Palo Alto Networks
Maarten Van Horenbeeck, CISO, Adobe
Yassir Abousselham, CISO, UiPath
Selim Aissi, CISO, Blackhawk Network
Jonathan Meadows, MD Cybersecurity, Citi
Ody Lupescu, VP Security, Ethos
Clint Maples, CISO, Robert Half
Justin Dolly, CSO, Sauce Labs
Arkadiy Goykhberg, CISO, Branch Insurance
Gerhard Eschelbeck, CISO, Kodiak Robotics
Colin Anderson, CISO, Ceridian
Ralph Pyne, CISO, Apollo.io
Rachit Lohani, CTO, Paylocity

Key Findings

  • AI and LLMs have driven an explosion of new open source packages: 70% of the packages that use OpenAI's APIs are brand new.
  • AI does not replace AppSec engineers: current LLM technologies achieve a precision rate below 10% when analyzing packages for malware.
  • 55% of applications call security-sensitive APIs from their own code, but that share rises to 95% once dependencies are included.
  • 71% of the code in a typical Java application comes from open source components, yet applications use only 12% of the code they import.