
Risk

4/20/2015
12:00 AM
Dark Reading
Products and Releases

Most Companies Lack Formal Policies to Manage Open Source Security Risks

North Bridge and Black Duck Software announce ninth annual Future of Open Source survey results, revealing trends in corporate OSS use

Burlington, MA – April 16, 2015 – Black Duck Software, the leading OSS Logistics solutions provider enabling the secure management of open source code, and North Bridge, a seed-to-growth venture capital firm, today announced the results of the ninth annual Future of Open Source Survey, which investigates open source software (OSS) trends on a yearly basis. The results from the 2015 survey reflect the increasing adoption of open source and highlight the abundance of organizations participating in the open source community. The need for formal policies and management is growing as open source use becomes increasingly pervasive.

“We look forward to analyzing the results of the Future of Open Source survey each year as it helps us validate the trends we’ve seen with customers to help discover open source in a company’s code base, identify known security vulnerabilities, and track remediation,” said Lou Shipley, CEO, Black Duck Software. “In the results this year, it has become more evident that companies need their management and governance of open source to catch up to their usage. This is critical to reducing potential security, legal, and operational risks while allowing companies to reap the full benefits OSS provides.”

The abundance of corporate open source adoption and participation across industries, and companies of all sizes, has reached an all-time high. Even companies that may have historically relied on more proprietary technologies are realizing they face a competitive disadvantage by not participating in open source projects. Survey results highlight record levels of corporate participation in open source, as well as the greater impact it is having on technology and security. Open source continues to speed innovation, disrupt industries, and improve productivity; however, a reported lack of formal company policies and processes around its consumption points to a need for OSS management and security practices to catch up with this growth in investment and use.

Corporate Open Source Use and Participation Reaches All-Time High

·         Seventy-eight percent of respondents said their companies run part or all of their operations on OSS, and 66 percent said their company creates software for customers built on open source. The former figure has nearly doubled since 2010, when 42 percent of respondents to the Future of Open Source survey said they used open source in running their business or their IT environments.

·         Ninety-three percent said their organization’s use of open source increased or remained the same in the past year.

·         Sixty-four percent of companies currently participate in open source projects – up from 50 percent in 2014 – and over the next 2-3 years, 88 percent are expected to increase contributions to open source projects.

·         Open source has become the default approach for software with more than 66 percent of respondents saying they consider OSS before other options.

OSS Shapes the Future of Technology and Security

·         Fifty-eight percent believe open source affords the greatest ability to scale and 43 percent said OSS provides superior ease of deployment over proprietary software.

·         Fifty-five percent believe open source delivers superior security when lined up against proprietary solutions, and that proportion is expected to rise to 61 percent over the next 2-3 years.

·         When evaluating security technologies for internal use, 45 percent of respondents said open source options are given first consideration.

·         Cloud computing (39%), big data (35%), operating systems (33%), and the Internet of Things (31%) are expected to be impacted most by open source in the next 2-3 years.

Companies Still Lack Formal Policies to Manage Open Source Use

·         More than 55 percent of respondents said their company has no formal policy or procedure for open source consumption. Moreover, only 27 percent have a formal policy for employee contributions to OSS projects.

·         A mere 16 percent have an automated code approval process, and fewer than 42 percent maintain an inventory of open source components.

·         More than 50 percent are not satisfied with their ability to understand known security vulnerabilities in open source components, and only 17 percent plan to monitor open source code for security vulnerabilities.

“Open source has solidified its position as the default base for software development. It is infiltrating almost every facet of the modern enterprise and is outperforming proprietary packages on quality, cost, customization and security. In the startup community we are seeing a continued wave of open source-born companies – the next wave of Red Hat, Acquia and Ubuntu – while at the same time seeing traditional IT leaders such as H-P and Microsoft grafting open source DNA into their core,” said Paul Santinelli, General Partner at North Bridge. “In the coming years, we will see open source unlock the potential of a new generation of technologies – the Internet of Things, big data and cloud computing – creating many billions in value.”

Don’t miss the live panel discussion of this year’s Future of Open Source Survey results. Register for the April 16th webinar at 2pm EST for real-world insights from the following open source industry experts:

·         Jeffrey Hammond, Principal Analyst at Forrester Research (@jhammond)

·         Paul Santinelli, Partner at North Bridge Venture Partners (@paulsantinelli)

·         Jane Silber, CEO of Canonical (@silbs)

·         Bill Weinberg, Senior Director of Open Source Strategy at Black Duck Software (@LinuxPundit)

For more survey data, visit: http://www.slideshare.net/blackducksoftware/2015-future-of-open-source-survey-results. Follow @futureofOSS and join the #FutureOSS conversations on Twitter. Visit www.northbridge.com/open-source for all surveys published since 2008 and read more about the industry at the Open Source Delivers blog.

About Black Duck Software

Black Duck Software is the leading OSS Logistics solution provider, enabling enterprises of every size to securely manage open source code and optimize the opportunities that come with open source adoption and management. As part of the greater open source community, Black Duck connects developers to comprehensive open source software (OSS) resources through The Black Duck Open Hub (formerly Ohloh) and to the latest commentary from industry experts through the Open Source Delivers blog. Black Duck is headquartered in Boston and has offices in San Mateo, London, Paris, Frankfurt, Hong Kong, Tokyo, Seoul, and Beijing. For more information about how to leverage open source to deliver faster innovation, greater creativity, and improved efficiency, visit www.blackducksoftware.com and follow the company at @black_duck_sw.

About North Bridge

North Bridge actively partners with founders and entrepreneurs of market-leading companies, who are using technology to disrupt and reinvent big markets. With $3.8 billion of capital under management, the firm has funded more than 170 companies creating many billions in market value. Among those firms are Acquia, Actifio, Clarity Software Systems, Dyn, Demandware, Proto Labs, Starent Networks, Seniorlink, Smart Pak and Valence Health. The firm has offices in Waltham, MA and Palo Alto, CA. To learn more about North Bridge go to www.northbridge.com and follow the company @North_Bridge.
