You Can’t Live Without Open Source - Results from the Open Source 360 Survey

3,090 views

Today, open source drives technology and development, and its worldwide adoption ranges from companies with a single employee to large corporations like Microsoft and Apple. All of these organizations rely on open source to innovate, reduce development costs, and speed time to market. Recent research reports point out that open source comprises 80% to 90% of the code in a typical application. Our Open Source 360° survey provides an update on the rapid evolution of open source development, use and management.

The 2017 Open Source 360° survey was conducted through Black Duck’s Center for Open Source Research & Innovation (COSRI), focusing on four important areas of open source – usage, risk, contributions and governance/policies. Our respondents include input from new players, established leaders, and influencers across vertical markets and communities. This range of respondents drives broad industry awareness and discussions of these key issues.

Published in: Technology

  1. #OSS360
  2. Collaborators Platinum Collaborators Collaborators
  3. Black Duck Center for Open Source Research and Innovation 2016-2017 Open Source Security and Risk Analyses Future of Open Source Reports
  4. Agenda • Demographics • Open Source Adoption • Open Source Risks • Risk Remediation • A Look to the Future
  5. DEMOGRAPHICS
  6. Global Survey Response 819 IT Professionals from 91 countries
  7. 2% 2% 3% 3% 4% 4% 7% 7% 11% 12% 43% Retail Health Care Media Automotive Manufacturing Government/Military Banking and Financial Services Education Other Consulting Technology/ISV Telecommunications Industry Representation
  8. Open Source Awareness is Organization Wide Legal Professional VP/C-Level Executive Development Manager/Director Other Security Professional Systems Architect/CTO IT Operations/DevOps Professional Software Developer 65% of respondents are developers, IT operations, system architects, security professionals
  9. USAGE
  10. 60% Increased Open Source Usage 26% Remained Constant Momentum for Open Source Continues to Increase 86% of organizations report Open Source use increased or remained constant
  11. Organizations Use Open Source to… 16% 28% 69% 69% 77% Embed in hardware products Develop open source software Power our infrastructure Create customer applications Build internal applications
  12. Open Source Fulfills Strategic Objectives 37% 44% 55% 55% 67% 84% Availability of skilled developers Code quality and security Rate of innovation Functionality Freedom to customize code Low cost with no vendor lock-in
  13. Open Source is Core to IT Infrastructure 52% 53% 57% Systems Management/Operating Systems Containers/DevOps/Virtualization/Cloud Computing Development Tools/Software Development Lifecycle
  14. The Impact of Open Source is Significant 55% 61% 63% Improves interoperability of systems Improves quality of solutions we build Speeds innovation
  15. CONTRIBUTION
  16. Organizations Recognize Benefits to Participation 34% 46% 53% Deliver product as open source Encourage active engagement and contributions Fix and enhance existing projects
  17. Contributions Reduce Overall Cost of Ownership Shift From 2016 69% Fix Bugs 33% Reduce Costs 37% 38% 49% 55% Gain competitive advantage Fundamental to our product strategy Reduce development and support costs Fix bugs or add functionality
  18. Open Source Community Involvement is Healthy and Growing 48% said the number of people contributing to open source in their organization is increasing. 25% have more than 50% of their developers contributing to one or more OSS projects
  19. POLICY and GOVERNANCE
  20. Organizations Understand Open Source Risks …. 53.5% 53.7% 54.6% Comply with open source licenses Monitor project and version usage Aware of known security vulnerabilities
  21. …. But Open Source is Still Unmanaged in Most Organizations 60% don’t have a formal process for managing open source or are unaware of one in their organization OVER Other (please specify) 2% I don’t know 16% No, we do not have a formal process 45% Yes - Multiple departmental processes 10% Yes - standardized company-wide process 27% Other 37%
  22. Respondents Highlighted Successful Open Source Policies … 33% 39% 39% 42% Policy guidance in developer tools Approved open source licenses Approved open source components Structured review process for components
  23. … But Organizations Still Struggle With Enforcement 24% Policy provides recommendations but is not reviewed or enforced 14% Code is manually reviewed but policy is not consistently enforced Only 15% indicated enforcement with automated controls, while 25% review code via manual controls and enforcement
  24. RISK
  25. Organizations Highlight Ongoing Open Source Risks …. 61% 64% 66% 71% 74% Adherence to internal development policies Exposure of internal systems to exploitation Intellectual property concerns Exploitation of public facing applications Unknown quality of components
  26. 50% Indicated open source reviews rely primarily on developer information 38% Don’t review code for open source …. But Open Source Reviews Aren’t Thorough 45% review for open source code usage during development
  27. Open Source Code Review Models 23% 27% 28% 38% String search and visual inspection Internally developed tools Third party tools No open source code review Over 60% had no structured open source code review process
  28. Manual Vulnerability Assessments Challenge Security Orgs 25% have no process for identifying, tracking or remediating known open source vulnerabilities OVER 50% say internal resources manually identify and track remediation of known open source vulnerabilities OVER
  29. 57% Developers responsible for identifying and tracking open source vulnerabilities 40% Security Team takes ownership of tracking code usage 26% Nobody has explicit responsibility Shift From 2016 50% revealed no team took responsibility for tracking open source vulnerabilities Open Source Security Is a Shared Responsibility
  30. LOOKING FORWARD
  31. 2017 Insights • The world’s appetite for open source software continues at a furious pace. • Open source solutions reduce development costs and increase time to market • Awareness of security risks in open source components is increasing • Even if organizations aren’t aware of their open source usage, open source is present in IT workloads in 90% of organizations
  32. Open Source is Fundamental to Modern Software Driving Us Forward • Default development model for new apps • Builds on the success of others • Shares critical expertise between orgs • Accelerates product innovation • Solves critical business problems • Improves IT processes
  33. Challenges Ahead • Effective management of open source is not keeping pace with its increased usage • High profile vulnerabilities highlight a need for greater security process • Lack of automation opens the door to increased risk
  34. Own Your Success – Participate in OSS Communities Active community engagement … • Increases project vibrancy • Ensures project longevity and innovation • Reduces security risks • Ensures bugs are fixed quickly and properly Get involved. Build something amazing. Have fun.
  35. ARNOLD LEUNG @APPNOVATION CEO "When it comes to technology, our commitment to open source is right there in our branding…open digital delivered. From the start, we have been proud of our ability not just to support, but to drive open technologies. By adopting this progressive, collaborative approach, we have enabled our company to go beyond being just architects, and become digital solutions providers, harnessing all the power of open technologies, all for the benefit of our clients" said Appnovation CEO Arnold Leung. "This continued commitment makes us not only a company that remains innovative as well as competitive, it tangibly demonstrates the fact that we are open source evangelists, with an unrelenting desire to spread the open technologies message."
  36. APPNOVATION @APPNOVATION PROBLEM TCL (The Creative Life), the third largest TV manufacturer in the world, needed a Drupal 8 redesign for their flagship site. Appnovation was asked to look at the issues, and conceptualize, then deliver a sleek aesthetic showroom, designed to afford users an improved, and superb user experience in terms of navigation. SOLUTION Our solution was to use and deploy the finest elements of Drupal 8, thus ensuring that everything was complete, feature rich, user friendly and aesthetically outstanding. The result was a sleek, sophisticated and user friendly site. Appnovation is a global Digital Solutions and Managed Services provider delivering strategy, application development and enterprise integration on leading open technologies.
  37. MAIK AUSSENDORF @BAREOS_BACKUP MANAGING DIRECTOR "Would you buy a new safe for your physical values and leave the key at the vendor, who will only give you access to your valuables as long as you continuously pay license fees? A lot of backup users share this experience: they can access their digital assets in case of emergency only as long as paying license fees for their proprietary backup solution. Long term and sustainable data sovereignty is only possible with an Open Source Backup solution."
  38. BAREOS WWW.CARDTECH.DE PROBLEM • The increasing amount of sensible data became uncomfortable to be backed up using the existing backup solution which required a huge maintenance workload. • For compliance reasons a secure erase of temporary data was mandatory SOLUTION • Backing up data using Bareos, the implementation of processes and a specific engineered backup strategy on a high level of automation exculpate the IT-personnel • The Bareos team implemented the missing secure erase feature as funded development • Cardtech is a payment service provider • Under supervision of the German Federal Financial Supervisory Authority (BaFin) • Secure Backup with Bareos • Meet Compliance • No vendor-lock-in
  39. NAVIN BUDHIRAJA @NAVINB @INFOSYS SVP - HEAD – ARCHITECTURE, TECHNOLOGY & EDUCATION, “Open Source software has become the primary engine of innovation, and should now be viewed as the key building block of all modern enterprise architectures. Innovation in areas like cloud computing, big data, artificial intelligence, DevOps and modern web frameworks are all happening in the Open Source ecosystem, and the adoption of these technologies in enterprises is benefiting from the foundation of Linux that enterprise IT departments have already invested in. Infosys is actively taking Open Source, and Open Source based products, to all our enterprise clients.”
  40. INFOSYS @INFOSYS PROBLEM Payment disputes are an important reason for increased Days Sales Outstanding (DSO), which is exacerbated by an incorrect collection strategy, which not only increases DSO, but incorrect or aggressive collection strategy may also result in poor customer experience. A customer order propagates through multiple, incompatible ERP systems; any inconsistency in information could result in a payment dispute. **DSO is a key business metric. A large DSO can result in cash flow problems. SOLUTION Infosys Nia™ - The Next Generation Integrated Artificial Intelligence Platform, built leveraging Open Source - ingests data from all the different systems – ERP, Order management, invoicing within the organization. This data in conjunction with external macro-economic and behavioral data was utilized to create a customer risk profile and aggregated to predict the total account value at risk. This allowed the organization to customize collection strategy for each customer, expedite resolution of disputes and prevent disputes, improve cash-flow forecasting. Infosys is a global leader in technology services and consulting. We enable clients in more than 45 countries to create and execute strategies for their digital transformation. From engineering to application development, knowledge management and business process management, we help our clients find the right problems to solve, and to solve these effectively. Our team of 200,000+ innovators, across the globe, is differentiated by the imagination, knowledge and experience, across industries and technologies that we bring to every project we undertake.
  41. TIM YEATON @TBYEATON, @REDHATNEWS EXECUTIVE VICE PRESIDENT & CHIEF MARKETING OFFICER "Open source is synonymous with innovation, helping organizations around the world solve complex problems faster and create modern technology platforms that enable them to deliver new services to customers. These are key reasons why I believe this year's survey results show that a majority of respondents have increased their use of open source solutions, including in key areas like developer tools, machine learning, IoT, and software-defined networking."
  42. ANDREW AITKEN @ANDREWOLLIANCE, @WIPRO GM & GLOBAL OPEN SOURCE LEADER Today, “Open Source First” is the new mantra for enterprises. The reason; open source is seen less as only a cost savings measure but as a key tool to drive competitive business advantage. Open source enables faster thought-to-production, innovation, efficiency and a better way of building software. With the explosion of open source projects that add massive value to enterprises, the Open Source First mantra will continue to gain momentum and will soon become the default way of computing.
  43. WIPRO @WIPRO PROBLEM A leading US based financial services company realised that a large monolithic payments application was not agile enough to address the business growth in m-Commerce and retail sector. The client had a critical need for a next generation platform to build innovative, agile and scalable solutions leveraging a microservices framework. SOLUTION Wipro provided advisory, governance and technical consulting services to build the next gen platform for the client’s payment gateway. • Assisted in refining the enterprise open source strategy, developed governance, community and procurement models, and open sourcing of their own software. • Evaluated & recommended open source software’s to build next gen platform • Delivered a scalable platform to address future growth • Ensured high availability to address five nines application on three nines infrastructure stack • Developed the platform components and core features Wipro is a leading information technology, consulting business process services company that delivers solutions to enable its clients to do business better. Wipro delivers winning business outcomes through its deep industry experience and a 360 degree view of “Business through Technology”.
  44. Thank You! Platinum Collaborators Collaborators
