ActiveState_Unrestricted_Upgrades_ Cost_Effective_Technical_Debt_Management
by 5262266.fs1.hubspotusercontent-na1.net
This page contains highlights I saved while reading ActiveState_Unrestricted_Upgrades_ Cost_Effective_Technical_Debt_Management by 5262266.fs1.hubspotusercontent-na1.net. These quotes were collected using Readwise.
Highlights
The result is growing technical debt in the form of vulnerability backlogs that can result in everything from hampering innovation to disrupting application performance to violating uptime service levels.
When developers add an open source library to their application, 79% of the time they never go back to update it.
– Chris Eng, Chief Research Officer at Veracode
The best example may be downloading prebuilt components from open source repositories despite the fact that:
• No details are provided about how the component was built, or from where its source code originated.
• Few organizations have a relationship with the authors of the open source components they use, requiring blind trust. Worse, most components include multiple dependencies, each of whose authors must also be blindly trusted.
• Precompiled binary components are difficult to scan in order to ensure they haven't been compromised.
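The third bullet is the one a practitioner can act on directly. Below is an added example, written for this page and not taken from the ActiveState paper, that checks a prebuilt Python wheel against the file manifest the wheel format itself carries (`*.dist-info/RECORD`, one line per file with a `sha256=` digest in URL-safe base64 without padding). The wheel bytes, file names and the "tampered" native library are all constructed in the script so it runs offline; `verify_wheel`, `build_wheel`, `tamper` and `matches_pin` are names chosen here, not an API of any particular tool.

```python
"""Integrity check for a prebuilt Python wheel (added example, constructed data).

A wheel is a zip archive. Its <dist>.dist-info/RECORD lists every file as
    path,sha256=<urlsafe-b64 digest without '=' padding>,<size>
If a binary inside the wheel was modified after the build, its hash no longer
matches the RECORD entry. verify_wheel() checks every listed file and also
flags files that are in the archive but absent from RECORD.
"""
import base64
import csv
import hashlib
import io
import zipfile


def _b64_digest(algo, data):
    """Digest in the form RECORD uses: urlsafe base64, padding stripped."""
    h = hashlib.new(algo)
    h.update(data)
    return base64.urlsafe_b64encode(h.digest()).rstrip(b"=").decode("ascii")


def verify_wheel(wheel_bytes):
    """Return (ok, problems); problems is a list of human-readable strings."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        names = set(zf.namelist())
        record = next((n for n in names if n.endswith(".dist-info/RECORD")), None)
        if record is None:
            return False, ["no RECORD file in archive"]
        listed = set()
        for row in csv.reader(io.StringIO(zf.read(record).decode("utf-8"))):
            if not row:
                continue
            path = row[0]
            hash_field = row[1] if len(row) > 1 else ""
            listed.add(path)
            if path == record:
                continue  # RECORD never hashes itself
            if path not in names:
                problems.append(f"{path}: listed in RECORD but missing from archive")
                continue
            algo, _, expected = hash_field.partition("=")
            if not expected:
                problems.append(f"{path}: no hash in RECORD")
                continue
            try:
                actual = _b64_digest(algo, zf.read(path))
            except ValueError:  # unknown algorithm name in RECORD
                problems.append(f"{path}: unsupported hash algorithm {algo!r}")
                continue
            if actual != expected:
                problems.append(f"{path}: hash mismatch")
        # Anything shipped in the archive but not in the manifest is suspicious.
        for extra in sorted(names - listed):
            if not extra.endswith("/"):
                problems.append(f"{extra}: in archive but not in RECORD")
    return (not problems), problems


def matches_pin(wheel_bytes, pinned_sha256_hex):
    """Check the whole artifact against a hash recorded OUTSIDE it (e.g. a
    pinned requirements file). RECORD alone cannot catch a rebuilt wheel,
    because whoever rebuilt it also rewrote RECORD."""
    return hashlib.sha256(wheel_bytes).hexdigest() == pinned_sha256_hex


def build_wheel(files, dist_info="demo-1.0.dist-info"):
    """Build a minimal wheel-like zip in memory with a correct RECORD.
    Constructed test data; not a real published package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        lines = []
        for path, data in files.items():
            zf.writestr(path, data)
            lines.append(f"{path},sha256={_b64_digest('sha256', data)},{len(data)}")
        record = f"{dist_info}/RECORD"
        lines.append(f"{record},,")
        zf.writestr(record, "\n".join(lines) + "\n")
    return buf.getvalue()


def tamper(wheel_bytes, path, new_data):
    """Replace one file in the archive without touching RECORD, simulating a
    binary swapped in after the build (constructed scenario)."""
    src = zipfile.ZipFile(io.BytesIO(wheel_bytes))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as dst:
        for n in src.namelist():
            dst.writestr(n, new_data if n == path else src.read(n))
    return buf.getvalue()


if __name__ == "__main__":
    good = build_wheel({
        "demo/__init__.py": b"VERSION = '1.0'\n",
        "demo/_native.so": b"\x7fELF-placeholder-native-library",  # constructed
    })
    print(verify_wheel(good))
    bad = tamper(good, "demo/_native.so", b"\x7fELF-placeholder-with-extra-code")
    print(verify_wheel(bad))
```

The RECORD check only tells you the artifact is internally consistent with its own manifest; it says nothing about whether the build that produced it was honest, which is exactly the gap the first two bullets describe. The trust anchor has to come from outside the artifact: a hash you recorded when you first vetted the component (`matches_pin`), a publisher signature, or a build you performed yourself from reviewed source.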