Guy has co-founded Snyk, where he deals with the security risk open source dependencies introduce. He is passionate about making a better web and do so through speaking, writing and building tools, mostly on the topics of web security, web performance and responsive design. Before Snyk, he was the CTO of Akamai’s Web Performance business, following its acquisition of his startup, Blaze.
The way we consume open source software (OSS) dramatically changed over the past decade or two. Flash back to the early 2000s, we mostly used large OSS projects from a small number of providers, such as Apache, MySQL, Linux and OpenSSL. These projects came from well-known software shops that maintained good development and quality practices. It wasn’t our code, but it felt trustworthy, and it was safe to assume it didn’t hold more bugs than our own code.
Fast-forward to today and OSS has turned into crowd-sourced marketplaces. Node’s npm carries over 210,000 packages from over 60,000 contributors; RubyGems holds over 110,000 gems, and Maven’s central repository indexes nearly 130,000 artifacts. Packages can be written by anybody, and range from small utilities that convert milliseconds to full-blown web servers. Packages often use other packages in turn, ending with a typical application holding hundreds if not thousands of OSS packages.