SRC006 — https://www.sonatype.com/press-releases/sonatypes-10th-annual-state-of-the-software-supply-chain-report
Metadata
| Field | Value |
|---|---|
| URL | https://www.sonatype.com/press-releases/sonatypes-10th-annual-state-of-the-software-supply-chain-report |
| Authors | Sonatype |
| Date | October 10, 2024 |
Content Summary
Sonatype's press release for its 10th annual report confirms that 95% of the time a vulnerable component is consumed, a fixed version already exists. It also reports that 80% of application dependencies remain un-upgraded for over a year, that open source malware surged by 156%, and that the analysis covered 7 million open source projects.
Reliability: High
Official press release from the report publisher with specific cited figures.
Relevance: High
Directly confirms the 95% figure from claim C004.
Bias Assessment
| Domain | Rating | Rationale |
|---|---|---|
| Missing Data | Some concerns | Press release format lacks methodological detail. |
| Measurement | Low risk | References telemetry-based analysis. |
| Selective Reporting | Some concerns | Press release highlights the most dramatic findings. |
| Randomization | N/A | Not an RCT. |
| Protocol Deviation | N/A | Not an RCT. |
| Conflict Of Interest | High risk | Sonatype press release promoting their product through alarming statistics. |