Open Source Insider

Nov 23 2015   9:31AM GMT

Awfully pleased to meet you: survey finds open source needs more formal policies

Adrian Bridgwater

Tags:
BlackDuck
Open source
Open source security

A new study suggests that while nearly 80% of firms make use of open source software, the vast majority of them have no formal policies in place to govern its use.


The survey stems from work carried out by Black Duck Software, a firm whose open source logistics products are aimed at securing the management of open source code.

Gangnam ITAM style

According to the study, less than 42% of organisations maintain an IT Asset Management (ITAM) style inventory of their open source components.

“We look forward to analysing the results of the Future of Open Source survey each year as it helps us validate the trends we’ve seen with customers to help discover open source in a company’s code base, identify known security vulnerabilities, and track remediation,” said Lou Shipley, CEO, Black Duck Software.

Slightly (arguably) less believable are claims that 50% of respondents to this survey said they were not satisfied with their own capability to understand known security vulnerabilities in open source components.

A surprisingly low 17% said they planned to monitor open source code for security flaws.

Shipley also added the following comment: “In the results this year, it has become more evident that companies need their management and governance of open source to catch up to their usage. This is critical to reducing potential security, legal, and operational risks while allowing companies to reap the full benefits OSS provides.”

Seed-to-growth & soup-to-nuts

Seed-to-growth venture capital firm North Bridge was also involved in the research here.

Image credit: robbreport.com/fashion

1 Comment on this Post

  • Joe Limome
    Before looking at policies and process, there are simple open source tools like fossology and scancode that go a long way in knowing what open source is in use.
