upload/duxiu_main2/【星空藏书馆】/【星空藏书馆】等多个文件/图书馆8号/市场研报/市场研究报告/20年/8月份精选报告/8月份第4周精选报告/extracted__精选行业报告(134份).zip/sonatype-2020年软件供应链状况报告(英文)-2020.8-44页.pdf
sonatype-2020年软件供应链状况报告(英文)-2020.8-44页.pdf
Adobe InDesign 15.1 (Macintosh)
PDF · 8.1MB · 📗 Book (unknown type) · 🚀/upload
Description
Introduction
Chapter 1
Open Season on Open Source
Software Supply Chain Attacks: Past and Future
Rise of Next-Gen Software Supply Chain Attacks (2015-2020)
Speed Remains Critical When Responding to Legacy Software Supply Chain Attacks
Chapter 2
Open Source: Supply and Demand
JavaScript
Java
.NET
DockerHub
Chapter 3
Identifying Exemplary Open Source Suppliers
Researching the Best Performing OSS Projects
Finding Different Behavioral Groups
Exemplars
Laggards
Cautious Teams
Projects with Updated Dependencies Are More Secure
Guidance for Open Source Project Owners and Contributors
Guidance for Enterprise Development Teams
Chapter 4
How High Performance Teams Manage Open Source Software Supply Chains
Survey of Open Source Management Practices
Comparing High Performers vs. Low Performers
Comparing High Performers vs. Security First
Variables Most Impacting Performance and Risk Management
Influencing Risk Management Outcomes
Influencing Productivity Outcomes
Influencing Job Satisfaction
Guidance for Enterprise Development Teams
Patterns Across OSS Component Updates: Easy, Difficult, and Planned
Chapter 5
The Trust and Integrity of Software Supply Chains
1 in 10 OSS Downloads Are Vulnerable
Enterprises Rely on Code from 3,500 Suppliers, But Quality Varies
OSS Components Make Up 90% of a Modern Application
21% of Enterprises Experienced Open Source Breaches
Chapter 6
The Changing OSS Landscape: Social Activism and Government Standards
Social Activism and Open Source Software
Governments Apply New Standards to Secure Software Supply Chains
United States
United Kingdom
Australia
Summary
Sources
Appendix A
Appendix B
Alternative filename
upload/duxiu_main2/【星空藏书馆】/【星空藏书馆】等多个文件/图书馆8号/市场研报/各大细分行业研报资料/计算机软件/extracted__计算机软件行业(2020年1-10月,110份).zip/sonatype-2020年软件供应链状况报告(英文)-2020.8-44页.pdf
Metadata comments
producers:
Adobe PDF Library 15.0
Date open sourced
2025-01-15