The report draws on information from several public and private data sources, including a survey of over 500 open source maintainers and users, published reports by a variety of vendors, and data gathered by scanning millions of GitHub repositories and packages on public registries; and internal data from the Snyk vulnerability database as well as hundreds of thousands of projects Snyk monitors and protects.
"We've seen big technology players doubling-down on open source in 2018. In every registry we reviewed, we saw an increasing rate of open source libraries being indexed in every language ecosystem," Tal said.
"Open source package growth translates directly into user adoption, as can be seen when looking at the download numbers for various packages in different ecosystems," Tal explained.
More interesting insights at www.itweb.co.za/content/mYZRXv… but don't miss the caveat at the end about mitigating the vulnerabilities.