SAS issued a rather plaintive call for enterprises to limit the number of open source projects they use to a somewhat arbitrary percentage. But there is a good point hidden in the bluster: Using open source responsibly means knowing what you’re using so you can track and maintain it. Third-party components comprise eighty to ninety percent of the code in a typical Java application. Older components have three times as many security flaws as newer versions, and over half of the components used in enterprise apps are over two years old.”]