How much Open Source Software do you have? Measure it for Free!

“Once open source gets good enough, competing with it would be insane.”

2006, Larry Ellison, the chairman of Oracle in conversation with the Financial Times.

Is Open Source Eating the World’s Software?

It’s in your operating system, browser, and favorite games. It’s in the apps you use every day and the tools you use to make them.

But how much open source software is actually out there? We know it’s growing at an incredible rate, but how much of our software is open? How much of our software is built on other people’s open source code? How much of our software is a derivative work from someone else’s open source code? How much open source do we use in our daily lives?

And what about the parts of our tech that are closed but still rely on open source code? Is there any way to measure how much closed-source software uses open source libraries or frameworks in its development process?

In this paper, the industry experts propose a methodology and associated tool that can analyze Java binaries and determine the proportion of open source that comprises them. It also presents empirical measurements of 5 commercial Java software systems, reporting OSS proportions between 76% to 99% among these 5 systems.

This analysis also includes a historical look at one of the subject systems, covering 6 versions and 12 years. The results show that the proportion of open source in this system has steadily increased over time.

Access the article and read the full analysis!

Download the Free Tool Today!


Download your copy now!

[contact-form-7 id="271" title="White Paper Download"]

Discover More from MergeBase

Open Source Protection

Stay on top of the real risk of open source at any time.

Avoid false positives and get sophisticated upgrade guidance based on risk, compatibility, and popularity.

More on Continuous Protection

Add Dynamic Application Surveillance and Hardening

Detect and defend against known-vulnerabilities at runtime. The only SCA to do so.

The quickest way to respond to an imminent threat like log4j with CVE-2021-44228.

More on Runtime

Shift Left Now

MergeBase directly integrates with Github and Bitbucket to provide an early warning system for your in-house development

Product Overview