Awfully pleased to meet you: survey finds open source needs more formal policies

A new study has suggested that while nearly 80% of firms are making use of open source software, the vast majority of them have no formal policies to accommodate for its existence in place.

p1894mv2141b6t109v41sajta2b5.jpg

The survey stems from work carried out by Black Duck Software, a firm focused on open source software logistics solutions to secure management of open source code.

Gangnan ITAM style

According to the study, less than 42% of organisations maintain a IT Asset Management (ITAM) style inventory of open source components.

“We look forward to analysing the results of the Future of Open Source survey each year as it helps us validate the trends we’ve seen with customers to help discover open source in a company’s code base, identify known security vulnerabilities, and track remediation,” said Lou Shipley, CEO, Black Duck Software.

Slightly (arguably) less believable are claims that 50% of respondents to this survey said they were not satisfied with their own capability to understand known security vulnerabilities in open source components.

A surprisingly low 17% said they planned to monitor open source code for security flaws.

Shipley has also added the following comment, “In the results this year, it has become more evident that companies need their management and governance of open source to catch up to their usage. This is critical to reducing potential security, legal, and operational risks while allowing companies to reap the full benefits OSS provides.”

Seed-to-growth & soup-to-nuts

Seed-to-growth venture capital firm North Bridge was also involved in the research here.

Image credit: robbreport.com/fashion

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Before looking at policies and process, there are simple open source tools like fossology and scancode that go a long way in knowing what open source is in use.
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close