Many software developers and enterprise users have been lax or oblivious to the need to properly manage open source software, suggest survey results Flexera released Tuesday.
Companies are not mindful of open source components and fail to monitor security implications, according to the report, which highlights the consequences of failure to establish open source acquisition and usage policies, and to follow best practices.
Flexera polled more than 400 commercial software suppliers and in-house software development teams within enterprises about their open source practices.
More than half of the software products currently in use contain open source components, based on the survey’s findings.
Open source software allows companies to be nimble in their development, but the risks and security implications are grossly overlooked and not adequately managed, according to Flexera’s research team.
“We did this study to put some numbers behind what we have been seeing with open source developers over the last decade,” said Jeff Luszcz, vice president of product management at Flexera.
What is still surprising in 2017 is how little process and control there is around the use of open source and commercial code in software development, he told LinuxInsider.
Among those who responded to Flexera’s survey were software suppliers, Internet of Things manufacturers and members of in-house development teams. Their responses formed the basis of Flexera’s report, “Open Source Risk — Fact or Fiction.”
A clear benefit of open source software is that it helps software suppliers to be nimble and build products faster, according to Flexera. The report reveals hidden software supply chain risks that all software suppliers and IoT manufacturers should know about.
Only 37 percent of respondents had an open source acquisition or usage policy.
Sixty-three percent said either that their companies did not have an open source acquisition or usage policy, or they did not know if one existed.
Thirty-nine percent of respondents said that either no one within their company was responsible for open source compliance, or they did not know who was.
Thirty-three percent of respondents said their companies contributed to open source projects.
Of the 63 percent who said their companies did not have an open source acquisition or usage policy, 43 percent said they contributed to open source projects.
Open source is a clear win. Ready-to-go code gets products out the door faster, which is important given the lightning pace of software development, said Flexera’s Luszcz.