Software Supply Chain Open Source Issues. Part 1.

Posted by Dr. Hastings

With the rise of languages that provide package management tools, developers and software engineers are spending more time integrating than coding.

Open source packages save developers hundreds of hours by providing functionality that the developer does not have to write herself.

Once integrated, that code is part of the developer's own software, and so is everything it pulls in.

What dependencies did the open source project bring in? Do those dependencies have known vulnerabilities?

These are all risks associated with using open source projects.
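One way to answer both questions for a resolved dependency tree, as an added example (not code from the original post): walk the lockfile graph to enumerate transitive dependencies, then match each pulled-in version against an advisory list. The lockfile, package names, versions and advisory ids below are all constructed for illustration.

```python
"""Enumerate transitive dependencies and flag versions covered by known advisories."""
from collections import deque

# Constructed sample graph shaped like a resolved lockfile:
# package name -> (resolved version, [direct dependency names]). Not a real index.
LOCKFILE = {
    "webapp":       ("1.0.0", ["http-client", "template-lib"]),
    "http-client":  ("2.3.1", ["url-parse"]),
    "template-lib": ("0.9.4", ["escape-util", "url-parse"]),
    "url-parse":    ("1.4.2", []),
    "escape-util":  ("3.0.0", []),
}

# Constructed advisories: (package, affected range [lo, hi), placeholder advisory id)
ADVISORIES = [
    ("url-parse",   "1.0.0", "1.5.0", "ADV-EXAMPLE-1"),
    ("escape-util", "2.0.0", "2.9.9", "ADV-EXAMPLE-2"),
]

def parse_version(v):
    """Turn 'MAJOR.MINOR.PATCH' into a comparable tuple of ints."""
    return tuple(int(part) for part in v.split("."))

def transitive_deps(lockfile, root):
    """Breadth-first walk from root; records each package's depth and the package
    that first pulled it in, so a hit can be traced back to a direct dependency."""
    seen = {}
    queue = deque([(root, 0, None)])
    while queue:
        name, depth, parent = queue.popleft()
        if name in seen:
            continue  # already reached by a shorter path
        seen[name] = (depth, parent)
        for child in lockfile.get(name, ("", []))[1]:
            queue.append((child, depth + 1, name))
    seen.pop(root, None)  # the project itself is not a dependency
    return seen

def find_vulnerable(lockfile, advisories, root="webapp"):
    """Return (package, version, advisory id, depth, pulled-in-by) for every
    transitive dependency whose resolved version falls in an affected range."""
    deps = transitive_deps(lockfile, root)
    hits = []
    for pkg, lo, hi, adv_id in advisories:
        if pkg not in deps:
            continue
        ver = lockfile[pkg][0]
        if parse_version(lo) <= parse_version(ver) < parse_version(hi):
            depth, parent = deps[pkg]
            hits.append((pkg, ver, adv_id, depth, parent))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_vulnerable(LOCKFILE, ADVISORIES):
        print("%s@%s matches %s (depth %d, pulled in by %s)" % hit)
```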
