Most Companies Lack Formal Policies to Manage Open Source Security Risks

North Bridge and Black Duck Software announce ninth annual Future of Open Source survey results, revealing trends in corporate OSS use

April 20, 2015



Burlington, MA – April 16, 2015 – Black Duck Software, the leading OSS Logistics solutions provider enabling the secure management of open source code, and North Bridge, a seed-to-growth venture capital firm, today announced the results of the ninth annual Future of Open Source Survey, which investigates open source software (OSS) trends on a yearly basis. The results from the 2015 survey reflect the increasing adoption of open source and highlight the abundance of organizations participating in the open source community. The need for formal policies and management is growing as open source use becomes increasingly pervasive.

“We look forward to analyzing the results of the Future of Open Source survey each year as it helps us validate the trends we’ve seen with customers to help discover open source in a company’s code base, identify known security vulnerabilities, and track remediation,” said Lou Shipley, CEO, Black Duck Software. “In the results this year, it has become more evident that companies need their management and governance of open source to catch up to their usage. This is critical to reducing potential security, legal, and operational risks while allowing companies to reap the full benefits OSS provides.”

The abundance of corporate open source adoption and participation across industries, and companies of all sizes, has reached an all-time high. Even companies that may have historically relied on more proprietary technologies are realizing they face a competitive disadvantage by not participating in open source projects. Survey results highlight record levels of corporate participation in open source, as well as the greater impact it is having on technology and security. Open source continues to speed innovation, disrupt industries, and improve productivity; however, a reported lack of formal company policies and processes around its consumption points to a need for OSS management and security practices to catch up with this growth in investment and use.

Corporate Open Source Use and Participation Reaches All-Time High

· Seventy-eight percent of respondents said their companies run part or all of their operations on OSS, and 66 percent said their company creates software for customers built on open source. This figure has nearly doubled since the 2010 Future of Open Source survey, when 42 percent of respondents said they used open source to run their business or their IT environments.

· Ninety-three percent said their organization’s use of open source increased or remained the same in the past year.

· Sixty-four percent of companies currently participate in open source projects – up from 50 percent in 2014 – and over the next 2-3 years, 88 percent are expected to increase contributions to open source projects.

· Open source has become the default approach for software, with more than 66 percent of respondents saying they consider OSS before other options.

OSS Shapes the Future of Technology and Security

· Fifty-eight percent believe open source affords the greatest ability to scale, and 43 percent said OSS provides superior ease of deployment over proprietary software.

· Fifty-five percent believe open source delivers superior security when compared against proprietary solutions. The share holding that view is expected to rise to 61 percent over the next 2-3 years.

· When evaluating security technologies for internal use, 45 percent of respondents said open source options are given first consideration.

· Cloud computing (39%), big data (35%), operating systems (33%), and the Internet of Things (31%) are expected to be impacted most by open source in the next 2-3 years.

Companies Still Lack Formal Policies to Manage Open Source Use

· More than 55 percent of respondents said their company has no formal policy or procedure for open source consumption. Moreover, only 27 percent have a formal policy for employee contributions to OSS projects.

· A mere 16 percent have an automated code approval process, and fewer than 42 percent maintain an inventory of open source components.

· More than 50 percent are not satisfied with their ability to understand known security vulnerabilities in open source components, and only 17 percent plan to monitor open source code for security vulnerabilities.

“Open source has solidified its position as the default base for software development. It is infiltrating almost every facet of the modern enterprise and is outperforming proprietary packages on quality, cost, customization and security. In the startup community we are seeing a continued wave of open source born companies – the next wave of Red Hat, Acquia and Ubuntu – while at the same time seeing traditional IT leaders such as H-P and Microsoft grafting open source DNA into their core,” said Paul Santinelli, General Partner at North Bridge. “In the coming years, we will see open source unlock the potential of a new generation of technologies – the Internet of Things, big data and cloud computing – creating many billions in value.”

Don’t miss the live panel discussion of this year’s Future of Open Source Survey results. Register for the April 16th webinar at 2pm EST for real-world insights from the following open source industry experts:

· Jeffrey Hammond, Principal Analyst at Forrester Research (@jhammond)

· Paul Santinelli, Partner at North Bridge Venture Partners (@paulsantinelli)

· Jane Silber, CEO of Canonical (@silbs)

· Bill Weinberg, Senior Director of Open Source Strategy at Black Duck Software (@LinuxPundit)

For more survey data, visit: Follow @futureofOSS and join the #FutureOSS conversations on Twitter. Visit for all surveys published since 2008 and read more about the industry at the Open Source Delivers blog.

About Black Duck Software

Black Duck Software is the leading OSS Logistics solution provider, enabling enterprises of every size to securely manage open source code and optimize the opportunities that come with open source adoption and management. As part of the greater open source community, Black Duck connects developers to comprehensive open source software (OSS) resources through The Black Duck Open Hub (formerly Ohloh) and to the latest commentary from industry experts through the Open Source Delivers blog. Black Duck is headquartered in Boston and has offices in San Mateo, London, Paris, Frankfurt, Hong Kong, Tokyo, Seoul, and Beijing. For more information about how to leverage open source to deliver faster innovation, greater creativity, and improved efficiency, visit and follow the company at @black_duck_sw.

About North Bridge

North Bridge actively partners with founders and entrepreneurs of market-leading companies, who are using technology to disrupt and reinvent big markets. With $3.8 billion of capital under management, the firm has funded more than 170 companies creating many billions in market value. Among those firms are Acquia, Actifio, Clarity Software Systems, Dyn, Demandware, Proto Labs, Starent Networks, Seniorlink, Smart Pak and Valence Health. The firm has offices in Waltham, MA and Palo Alto, CA. To learn more about North Bridge go to and follow the company @North_Bridge.
