Since Apache Maven, the brainchild of Sonatype founder Jason van Zyl, emerged as a top-level Apache Software Foundation project in 2003, the Central Repository has become a primary source of open source components. Jackson says the Central Repository receives four billion requests per year for its 300,000 components.
But after crunching the data on how the Central Repository's components are used--with the help of application security specialist Aspect Security--Jackson says he believes organizations need to be much more diligent in their practices around open source components because many are exposing themselves to risk by deploying older, vulnerable versions of components.

The link for this article located at Network World is no longer available.