This year’s Sonatype report reveals the best practices exhibited by exemplary open source software projects and commercial application development teams. As in years past, it also examines the rapidly expanding supply and continued exponential growth in consumption of open source components.

For the fifth anniversary report, Sonatype collaborated with Gene Kim from IT Revolution, and Dr. Stephen Magill from Galois and MuseDev. Together with Sonatype, the researchers objectively examined and empirically documented, release patterns and cybersecurity hygiene practices across 36,000 open source project teams and 3.7 million open source releases.