1. #OSS360

2. #OSS360
Collaborators
Platinum
CollaboratorsCollaborators

3. #OSS360
Black Duck Center for Open Source Research and Innovation
2016-2017
Open Source Security and Risk Analyses
Future of Open Source Reports

4. #OSS360
Agenda
• Demographics
• Open Source Adoption
• Open Source Risks
• Risk Remediation
• A Look to the Future

5. #OSS360
DEMOGRAPHICS

6. #OSS360
Global Survey Response
819 IT Professionals from 91 countries

7. #OSS360
2%
2%
3%
3%
4%
4%
7%
7%
11%
12%
43%
Retail
Health Care
Media
Automotive
Manufacturing
Government/Military
Banking and Financial Services
Education
Other
Consulting
Technology/ISV Telecommunications
Industry Representation

8. #OSS360
Open Source Awareness is Organization Wide
Legal Professional
VP/C-Level Executive
Development
Manager/Director
Other
Security Professional
Systems Architect/CTO
IT Operations/DevOps
Professional
Software Developer
65% of respondents are
developers, IT
operations, system
architects, security
professionals

9. #OSS360
USAGE

10. #OSS360
60% Increased Open Source Usage
26% Remained Constant
Momentum for Open Source Continues to Increase
86% of organizations report Open Source use
increased or remained constant

11. #OSS360
Organizations Use Open Source to…
16%
28%
69%
69%
77%
Embed in hardware products
Develop open source software
Power our infrastructure
Create customer applications
Build internal applications

12. #OSS360
Open Source Fulfills Strategic Objectives
37%
44%
55%
55%
67%
84%
Availablity of skilled developers
Code quality and security
Rate of innovation
Functionality
Freedom to customize code
Low cost with no vendor lock-in

13. #OSS360
Open Source is Core to IT Infrastructure
52%
53%
57%
Systems Management/Operating Systems
Containers/DevOps/Virtualization/Cloud
Computing
Development Tools/Software Development
Lifecycle

14. #OSS360
The Impact of Open Source is Significant
55%
61%
63%
Improves interoperability of systems
Improves quality of solutions we build
Speeds innovation

15. #OSS360
CONTRIBUTION

16. #OSS360
Organizations Recognize Benefits to Participation
34%
46%
53%
Deliver product as open source
Encourage active engagement and
contributions
Fix and enhance existing projects

17. #OSS360
Contributions Reduce Overall Cost of Ownership
Shift From 2016
69% Fix Bugs
33% Reduce Costs
37%
38%
49%
55%
Gain competitive advantage
Fundamental to our product
strategy
Reduce development and
support costs
Fix bugs or add functionality

18. #OSS360
Open Source Community Involvement is Healthy and Growing
48%
said the number of people
contributing to open source in
their organization is increasing.
25%
have more than 50% of their
developers contributing to
one or more OSS projects

19. #OSS360
POLICY and
GOVERNANCE

20. #OSS360
Organizations Understand Open Source Risks ….
53.5%
53.7%
54.6%
Comply with open source licenses
Monitor project and version usage
Aware of known security vulnerabilities

21. #OSS360
…. But Open Source is Still Unmanaged in Most Organizations
60%
don’t have a formal
process for managing
open source or are
unaware of one in their
organization
OVER
Other (please specify)
2%
I don’t know
16%
No, we do not have a
formal process
45%
Yes - Multiple
departmental processes
10%
Yes - standardized
company-wide process
27%
Other
37%

22. #OSS360
Respondents Highlighted Successful Open Source Policies …
33%
39%
39%
42%
Policy guidance in developer tools
Approved open source licenses
Approved open source components
Structured review process for components

23. #OSS360
… But Organizations Still Struggle With Enforcement
24% Policy provides recommendations
but is not reviewed or enforced
14% Code is manually reviewed but
policy is not consistently enforced
Only 15% indicated enforcement with automated controls,
while 25% review code via manual controls and
enforcement

24. #OSS360
RISK

25. #OSS360
Organizations Highlight Ongoing Open Source Risks ….
61%
64%
66%
71%
74%
Adherence to internal development policies
Exposure of internal systems to exploitation
Intellectual property concerns
Exploitation of public facing applications
Unknown quality of components

26. #OSS360
50% Indicated open source reviews rely primarily on developer information
38% Don’t review code for open source
…. But Open Source Reviews Aren’t Thorough
45% review for open
source code usage
during development

27. #OSS360
Open Source Code Review Models
23%
27%
28%
38%
String search and visual inspection
Internally developed tools
Third party tools
No open source code review
Over 60% had no
structured open source
code review process

28. #OSS360
Manual Vulnerability Assessments Challenge Security Orgs
25%
have no process for
identifying, tracking or
remediating known open
source vulnerabilities
OVER
50%
say internal resources
manually identify and track
remediation of known
open source vulnerabilities
OVER

29. #OSS360
57% Developers responsible for identifying and tracking open source vulnerabilities
40% Security Team takes ownership of tracking code usage
26% Nobody has explicit responsibility
Shift From 2016
50% revealed no team took
responsibility for tracking
open source vulnerabilities
Open Source Security Is a Shared Responsibility

30. #OSS360
LOOKING FORWARD

31. #OSS360
2017 Insights
• The world’s appetite for open source software
continues at a furious pace.
• Open source solutions reduce development
costs and increase time to market
• Awareness of security risks in open source
components is increasing
• Even if organizations aren’t aware of their open
source usage, open source is present in IT
workloads in 90% of organizations

32. #OSS360
Open Source is Fundamental to Modern Software
Driving Us Forward
• Default development model for new apps
• Builds on the success of others
• Shares critical expertise between orgs
• Accelerates product innovation
• Solves critical business problems
• Improves IT processes

33. #OSS360
Challenges Ahead
• Effective management of open source is not keeping
pace with its increased usage
• High profile vulnerabilities highlight a need for
greater security process
• Lack of automation opens the
door to increased risk

34. #OSS360
Own Your Success – Participate in OSS Communities
Active community engagement …
• Increases project vibrancy
• Ensures project longevity and innovation
• Reduces security risks
• Ensures bugs are fixed quickly and properly
Get involved.
Build something amazing.
Have fun.

35. #OSS360
ARNOLD LEUNG
@APPNOVATION
CEO
When it comes to technology, our commitment to open
source is right there in our branding…open digital delivered.
From the start, we have been proud of our ability not just do
support, but to drive pen technologies. By adopting this
progressive, collaborative approach, we have enabled our
company to go beyond being just architects, and become
digital solutions providers, harnessing all the power of open
technologies, all for the benefit of our clients" said
Appnovation CEO Arnold Leung. ”This continued commitment
makes us not only a company that remains innovative as well
as competitive, it tangibly demonstrates the fact that we are
open source evangelists, with an unrelenting desire to spread
the open technologies message."

36. #OSS360
APPNOVATION
@APPNOVATION
PROBLEM
TCL (The Creative Life), the third largest TV manufacturer in the
world, needed a Drupal 8 redesign for their flagship site.
Appnovation was asked to look at the issues, and conceptualize,
then deliver a sleek aesthetic showroom, designed to afford users
an improved, and superb user experience in terms of navigation.
SOLUTION
Our solution was to use and deploy the finest elements of
Drupal 8, thus ensuring that everything was complete,
feature rich, user friendly and aesthetically outstanding.
The result was a sleek, sophisticated and user friendly site.
Appnovation is a global Digital
Solutions and Managed Services
provider delivering strategy,
application development and
enterprise integration on
leading open technologies.

37. #OSS360
MAIK AUSSENDORF
@BAREOS_BACKUP
MANAGING DIRECTOR
Would you buy a new safe for your physical values
and leave the key at the vendor, who will only give
you access to your valuables as long as you
continuously pay license fees?
A lot of backup users share this experience: they
can access their digital assets in case of emergency
only as long as paying license fees for their
proprietary backup solution
Long term and sustainable data sovereignty is only
possible with an Open Source Backup solution.“

38. #OSS360
BAREOS
WWW.CARDTECH.DE
PROBLEM
• The increasing amount of sensible data became uncomfortable
to be backed up using the existing backup solution which
required a huge maintenance workload.
• For compliance reasons a secure erase of temporary data was
mandatory
SOLUTION
l Backing up data using Bareos, the implementation of
processes and a specific engineered backup strategy on
a high level of automation exculpate the IT-personnel
l The Bareos team implemented the missing secure
erase feature as funded development
• Cardtech is a payment
service provider
• Under supervision o f the
German Federal Financial
Supervisory Authority
(BaFin)
• Secure Backup with Bareos
• Meet Compliance
• No vendor-lock-in

39. #OSS360
NAVIN BUDHIRAJA
@NAVINB @INFOSYS
SVP - HEAD – ARCHITECTURE,
TECHNOLOGY & EDUCATION,
Open Source software has become the primary engine
of innovation, and should now be viewed as the key
building block of all modern enterprise architectures.
Innovation in areas like cloud computing, big data,
artificial intelligence, DevOps and modern web
frameworks are all happening in the Open Source
ecosystem, and the adoption of these technologies in
enterprises is benefiting from the foundation of Linux
that enterprise IT departments have already invested
in. Infosys is actively taking Open Source, and Open
Source based products, to all our enterprise clients.”

40. #OSS360
INFOSYS
@INFOSYS
PROBLEM
Payment disputes are an important reason for increased Days Sales
Outstanding (DSO), which is exacerbated by an incorrect collection
strategy, which not only increases DSO, but incorrect or aggressive
collection strategy may also result in poor customer experience. A
customer order propagates through multiple, incompatible ERP systems;
any inconsistency in information could result in a payment dispute.
**DSO is a key business metric. A large DSO can result in cash flow problems
SOLUTION
Infosys NiaTM - The Next Generation Integrated Artificial
Intelligence Platform, built leveraging Open Source -
ingests data from all the different systems – ERP, Order
management, invoicing within the organization. This data
in conjunction with external macro-economic and
behavioral data was utilized to create a customer risk
profile and aggregated to predict the total account value at
risk. This allowed the organization to customize collection
strategy for each customer, expedite resolution of disputes
and prevent disputes, improve cash-flow forecasting.
Infosys is a global leader in technology
services and consulting. We enable clients
in more than 45 countries to create and
execute strategies for their digital
transformation. From engineering to
application development, knowledge
management and business process
management, we help our clients find the
right problems to solve, and to solve
these effectively. Our team of 200,000+
innovators, across the globe, is
differentiated by the imagination,
knowledge and experience, across
industries and technologies that we bring
to every project we undertake.

41. #OSS360
TIM YEATON
@TBYEATON, @REDHATNEWS
EXECUTIVE VICE
PRESIDENT &CHIEF
MARKETING OFFICER
"Open source is synonymous with innovation,
helping organizations around the world solve complex
problems faster and create modern technology
platforms that enable them to deliver new services to
customers. These are key reasons why I believe this
year's survey results show that a majority of respondents
have increased their use of open source solutions,
including in key areas like developer tools, machine
learning, IoT, and software-defined networking."

42. #OSS360
ANDREW AITKEN
@ANDREWOLLIANCE,@WIPRO
GM & GLOBAL OPEN
SOURCE LEADER
Today, “Open Source First” is the new mantra for
enterprises. The reason; open source is seen less as only
a cost savings measure but as a key tool to drive
competitive business advantage. Open source enables
faster thought-to-production, innovation, efficiency and a
better way of building software. With the explosion of
open source projects that add massive value to
enterprises, the Open Source First mantra will continue
to gain momentum and will soon become the default way
of computing.

43. #OSS360
WIPRO
@WIPRO
PROBLEM
A leading US based financial services company realised that a large
monolithic payments application was not agile enough to address the
business growth in m-Commerce and retail sector. The client had a critical
need for a next generation platform to build innovative, agile and scalable
solutions leveraging a microservices framework.
SOLUTION
Wipro provided advisory, governance and technical
consulting services to build the next gen platform for the
client’s payment gateway.
§ Assisted in refining the enterprise open source strategy,
developed governance, community and procurement
models, and open sourcing of their own software.
§ Evaluated & recommended open source software’s to
build next gen platform
§ Delivered a scalable platform to address future growth
§ Ensured high availability to address five nines application
on three nines infrastructure stack
§ Developed the platform components and core features
Wipro is a leading information
technology, consulting business
process services company that
delivers solutions to enable its
clients to do business better.
Wipro delivers winning business
outcomes through its deep
industry experience and a 360
degree view of “Business
through Technology”.

44. #OSS360
Thank You!
Platinum
CollaboratorsCollaborators