Working out exactly which open source components your program pulls in can be a real pain in the rump. It is hard enough to track a software project's open source dependencies, and harder still to track their security ramifications.
Many of those ramifications will be all too familiar to you: components with known vulnerabilities, for a start.
And coping with the open source licenses attached to that code is simply part of doing business for any software company these days.
The report also underscores the importance of understanding the properties of your open source dependencies, and of the projects and stakeholders behind them.
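The two chores above, knowing which components you ship and whether any of them carry a known vulnerability or an unacceptable license, boil down to an inventory plus two lookups. The script below is an added example, not code from the original article or from the report it cites. It parses a pinned lockfile, matches each component against advisory records written in OSV's "introduced / fixed" range style, and checks license metadata against an allowlist. The lockfile, the advisories, and the license table are all constructed for illustration; they are not real packages or real CVEs.

```python
"""Inventory a lockfile and flag components with known vulnerabilities or disallowed licenses.

Added example; not code from the original article. The lockfile, advisory
records and license table below are constructed for illustration only.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed lockfile in requirements.txt pinned form (assumption: exact '==' pins only).
LOCKFILE = """\
# generated by pip-compile (constructed sample, not a real project)
requests==2.19.1
urllib3==1.24.1
pyyaml==5.4.1
left-pad-py==0.1.0
"""


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str         # first affected version
    fixed: Optional[str]    # first fixed version; None means no fix yet
    summary: str


# Constructed advisories shaped like OSV "introduced/fixed" ranges. Not real CVE data.
ADVISORIES = [
    Advisory("urllib3", "1.0", "1.24.2", "constructed: example header injection"),
    Advisory("requests", "2.0.0", "2.20.0", "constructed: example credential leak on redirect"),
    Advisory("pyyaml", "0", "5.4", "constructed: example unsafe load"),
]

# Constructed license metadata; packages missing here have no license data at all.
LICENSES = {"requests": "Apache-2.0", "urllib3": "MIT", "pyyaml": "MIT"}
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}


def parse_version(v):
    """'1.24.1' -> (1, 24, 1). Non-numeric segments are dropped (assumption: release versions only)."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def version_lt(a, b):
    """True if a < b, padding the shorter tuple with zeros so '1.24' == '1.24.0'."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))


def parse_lockfile(text):
    """Return {name: version} from exact '==' pins; comments and blank lines are ignored.

    Anything unpinned is rejected: an inventory you cannot pin down is not an inventory.
    """
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==([0-9][0-9A-Za-z.]*)", line)
        if not m:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        deps[m.group(1).lower()] = m.group(2)
    return deps


def is_affected(version, adv):
    """OSV-style half-open range: introduced <= version < fixed."""
    if version_lt(version, adv.introduced):
        return False
    return adv.fixed is None or version_lt(version, adv.fixed)


def audit(lock_text, advisories=ADVISORIES, licenses=LICENSES, allowed=ALLOWED_LICENSES):
    """Return findings as (package, version, kind, detail) tuples in lockfile order."""
    findings = []
    for name, version in parse_lockfile(lock_text).items():
        for adv in advisories:
            if adv.package == name and is_affected(version, adv):
                findings.append((name, version, "vulnerable", f"{adv.summary}; fixed in {adv.fixed}"))
        lic = licenses.get(name)
        if lic is None:
            # No metadata is itself a finding: you cannot clear what you cannot identify.
            findings.append((name, version, "unknown-license", "no license metadata; investigate before shipping"))
        elif lic not in allowed:
            findings.append((name, version, "license", f"{lic} not in allowlist"))
    return findings


if __name__ == "__main__":
    for finding in audit(LOCKFILE):
        print(finding)
```

Note the boundary case: pyyaml 5.4.1 is not flagged because the advisory's fixed version is 5.4, and the half-open range excludes the fix. Getting that comparison wrong in either direction is the usual source of false positives and, worse, false negatives in home-grown checkers; a real tool should use a proper version library for the ecosystem (PEP 440 for Python, semver for npm) rather than the numeric-tuple shortcut assumed here.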