Too Long; Didn't Read
Over 90% of application components come from open source, meaning most of what we use to build software comes from the global open source software supply chain. The optimal version to choose is typically 2.7 versions back from the latest “bleeding edge” release, likely because they’ve been accessed and updated for updates. The average application contains 128 open source dependencies, and developers must constantly decide when (and when not) update third-party dependencies inside of their applications. A review of 100,000 applications and more than 4,000,000 component migrations (upgrades) found that the majority were suboptimal.