The explosive growth in open-source software raises questions about how new or old your software components are, and whether they’re exposing your organization to risk.
OSS component use in modern software systems is at an all-time high with over 70% of applications using OSS components according to the Linux foundation. Some studies even show the figure is well over 90%. There are clear benefits to using OSS components when developing software applications: faster time to market, standardization, and more. But how do you know you are using OSS components that are in the “prime of their lives” and not obsolete or immature?
Selecting technology in its prime
When selecting just about any technology (automobiles, consumer electronics, video games, you name it) we always strive to ensure two important things:
- Is this technology still supported so I can use it for a long time without worrying it will soon stop working?
- Is this technology too new and unproven?
Let’s take automobiles, for instance. Is the car I’m considering so old that finding parts is going to cost me an arm and a leg? Will I be able to find someone that still knows how to repair it, or is this car so new that it has no track record yet and I have no idea what I am getting into? Here’s another simple example: I’m an avid video gamer and I find myself asking very similar questions before a purchase. Is this game so old that it is no longer getting updates and none of my friends are playing it anymore? Or is it so new that it is still too buggy to enjoy?
These types of questions hold true for all categories of technology, especially enterprise software applications that are becoming increasingly dependent on OSS components.
The lifespan of OSS components
The CAST Highlight 3rd party component knowledgebase that supports the Software Composition Analysis (SCA) capabilities of the product is currently comprised of over 100 million components and there are more than 150 million unique versions of those components.
All these components are in various stages of their lives. Some are healthy with frequent updates. Some are out of date and have not been updated in years. Others are brand new with only a single version having been released. Like the automobile example above, organizations should ensure they are using OSS components that are actively supported to avoid a critical software system depending on an obsolete software component. Conversely, they should also avoid using components that are so new they’re unproven or unstable. Both scenarios represent a huge operational risk, especially for business-critical software systems.
This is where the new OSS Component Lifespan Insights capability available in the Summer 2023 release of CAST Highlight comes into play. It automatically identifies potentially obsolete components that have not had a new version released in over five years, indicating that they are possibly deprecated at this point. It also automatically identifies immature components that are less than 12 months old, indicating they are possibly too new and unstable. For a single application with a small number of components, determining this information manually may not be that challenging. But imagine trying to determine this across hundreds of applications using thousands of OSS components. This is where the automated nature of CAST Highlight truly helps.
By leveraging these automatically generated insights, organizations can make smarter decisions about the OSS to use in their applications and choose components that are truly in the “prime of their lives” reducing the risk of operational failures.
Click here to learn about all the latest innovations available in the Summer 2023 product release of CAST Highlight, the control tower for your applications.