OK, I admit it. I rely on Adrian Colyer to read dense computer science articles that are loaded with math beyond my comprehension. On his blog, Colyer promises to review “an interesting/influential/important paper from the world of computer science” each weekday (Whew! He must have a long commute to his day job, as a Venture Partner at London’s Accel).
By its very nature, open source proves that imitation is a form of flattery, but has this gone too far? Of course not. Long live copycats. Yet the prevalence of dependencies creates unique challenges for security and software quality. There are ways to address these issues. GitHub has created tools to identify dependencies. Along with many security companies, Libraries.io has created tools to check your repositories' components against their original source in the software supply chain. From a metrics perspective, we continue to build consensus on just how to track these types of ecosystem dependencies. Stay tuned.