Dependency Issues: Solving the World’s Open-Source Software Security Problem

The idea of a lone programmer relying on their own genius and technical acumen to create the next great piece of software was always a stretch. Today it is more of a myth than ever. Competitive market forces mean that software developers must rely on code created by an unknown number of other programmers. As a result, most software is best thought of as bricolage — diverse, usually open-source components, often called dependencies, stitched together with bits of custom code into a new application.

This software engineering paradigm — programmers reusing open-source software components rather than repeatedly duplicating the efforts