SlideShare a Scribd company logo

Open Source 360 Survey Results

Download as PPTX, PDF
Tim Mackey
Tim Mackey

This document summarizes the findings of a survey about open source software usage. It finds that open source usage has increased significantly and is now core to most organizations' IT infrastructure. However, many organizations still do not have formal processes for managing open source use and risks. Common risks include unreviewed code, lack of responsibility for security issues, and incomplete vulnerability tracking. The document recommends that organizations improve open source governance, automate reviews, and participate more actively in open source communities to help address ongoing risks from open source use.

Technology
1 of 36
#OSS360
#OSS360 Collaborators Platinum CollaboratorsCollaborators
#OSS360 Black Duck Center for Open Source Research and Innovation 2016-2017 Open Source Security and Risk Analyses Future of Open Source Reports
#OSS360 Agenda • Demographics • Open Source Adoption • Open Source Risks • Risk Remediation • A Look to the Future
#OSS360 DEMOGRAPHICS
#OSS360 Global Survey Response 819 IT Professionals from 91 countries
#OSS360 2% 2% 3% 3% 4% 4% 7% 7% 11% 12% 43% Retail Health Care Media Automotive Manufacturing Government/Military Banking and Financial Services Education Other Consulting Technology/ISV Telecommunications Industry Representation
#OSS360 Open Source Awareness is Organization Wide Legal Professional VP/C-Level Executive Development Manager/Director Other Security Professional Systems Architect/CTO IT Operations/DevOps Professional Software Developer 65% of respondents are developers, IT operations, system architects, security professionals
#OSS360 USAGE
#OSS360 60% Increased Open Source Usage 26% Remained Constant Momentum for Open Source Continues to Increase 86% of organizations report Open Source use increased or remained constant
#OSS360 Organizations Use Open Source to… 16% 28% 69% 69% 77% Embed in hardware products Develop open source software Power our infrastructure Create customer applications Build internal applications
#OSS360 Open Source Fulfills Strategic Objectives 37% 44% 55% 55% 67% 84% Availablity of skilled developers Code quality and security Rate of innovation Functionality Freedom to customize code Low cost with no vendor lock-in
#OSS360 Open Source is Core to IT Infrastructure 52% 53% 57% Systems Management/Operating Systems Containers/DevOps/Virtualization/Cloud Computing Development Tools/Software Development Lifecycle
#OSS360 The Impact of Open Source is Significant 55% 61% 63% Improves interoperability of systems Improves quality of solutions we build Speeds innovation
#OSS360 CONTRIBUTION
#OSS360 Organizations Recognize Benefits to Participation 34% 46% 53% Deliver product as open source Encourage active engagement and contributions Fix and enhance existing projects
#OSS360 Contributions Reduce Overall Cost of Ownership Shift From 2016 69% Fix Bugs 33% Reduce Costs 37% 38% 49% 55% Gain competitive advantage Fundamental to our product strategy Reduce development and support costs Fix bugs or add functionality
#OSS360 Open Source Community Involvement is Healthy and Growing 48% said the number of people contributing to open source in their organization is increasing. 25% have more than 50% of their developers contributing to one or more OSS projects
#OSS360 POLICY and GOVERNANCE
#OSS360 Organizations Understand Open Source Risks …. 53.5% 53.7% 54.6% Comply with open source licenses Monitor project and version usage Aware of known security vulnerabilities
#OSS360 …. But Open Source is Still Unmanaged in Most Organizations 60% don’t have a formal process for managing open source or are unaware of one in their organization OVER Other (please specify) 2% I don’t know 16% No, we do not have a formal process 45% Yes - Multiple departmental processes 10% Yes - standardized company-wide process 27% Other 37%
#OSS360 Respondents Highlighted Successful Open Source Policies … 33% 39% 39% 42% Policy guidance in developer tools Approved open source licenses Approved open source components Structured review process for components
#OSS360 … But Organizations Still Struggle With Enforcement 24% Policy provides recommendations but is not reviewed or enforced 14% Code is manually reviewed but policy is not consistently enforced Only 15% indicated enforcement with automated controls, while 25% review code via manual controls and enforcement
#OSS360 RISK
#OSS360 Organizations Highlight Ongoing Open Source Risks …. 61% 64% 66% 71% 74% Adherence to internal development policies Exposure of internal systems to exploitation Intellectual property concerns Exploitation of public facing applications Unknown quality of components
#OSS360 50% Indicated open source reviews rely primarily on developer information 38% Don’t review code for open source …. But Open Source Reviews Aren’t Thorough 45% review for open source code usage during development
#OSS360 Open Source Code Review Models 23% 27% 28% 38% String search and visual inspection Internally developed tools Third party tools No open source code review Over 60% had no structured open source code review process
#OSS360 Manual Vulnerability Assessments Challenge Security Orgs 25% have no process for identifying, tracking or remediating known open source vulnerabilities OVER 50% say internal resources manually identify and track remediation of known open source vulnerabilities OVER
#OSS360 57% Developers responsible for identifying and tracking open source vulnerabilities 40% Security Team takes ownership of tracking code usage 26% Nobody has explicit responsibility Shift From 2016 50% revealed no team took responsibility for tracking open source vulnerabilities Open Source Security Is a Shared Responsibility
#OSS360 LOOKING FORWARD
#OSS360 2017 Insights • The world’s appetite for open source software continues at a furious pace. • Open source solutions reduce development costs and increase time to market • Awareness of security risks in open source components is increasing • Even if organizations aren’t aware of their open source usage, open source is present in IT workloads in 90% of organizations
#OSS360 Open Source is Fundamental to Modern Software Driving Us Forward • Default development model for new apps • Builds on the success of others • Shares critical expertise between orgs • Accelerates product innovation • Solves critical business problems • Improves IT processes
#OSS360 Challenges Ahead • Effective management of open source is not keeping pace with its increased usage • High profile vulnerabilities highlight a need for greater security process • Lack of automation opens the door to increased risk
#OSS360 Own Your Success – Participate in OSS Communities Active community engagement … • Increases project vibrancy • Ensures project longevity and innovation • Reduces security risks • Ensures bugs are fixed quickly and properly Get involved. Build something amazing. Have fun.
#OSS360 Questions?
#OSS360 Thank You! Platinum CollaboratorsCollaborators

Recommended

A question of trust - understanding Open Source risks
A question of trust - understanding Open Source risksA question of trust - understanding Open Source risks
A question of trust - understanding Open Source risksTim Mackey
 
PCI and Vulnerability Assessments - What’s Missing?
PCI and Vulnerability Assessments - What’s Missing?PCI and Vulnerability Assessments - What’s Missing?
PCI and Vulnerability Assessments - What’s Missing?Black Duck by Synopsys
 
Q1 2016 Open Source Security Report: Glibc and Beyond
Q1 2016 Open Source Security Report: Glibc and BeyondQ1 2016 Open Source Security Report: Glibc and Beyond
Q1 2016 Open Source Security Report: Glibc and BeyondBlack Duck by Synopsys
 
Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016Black Duck by Synopsys
 
Open Source Insight: Open Source 360 Survey, DockerCon 2017, & More on the Cl...
Open Source Insight: Open Source 360 Survey, DockerCon 2017, & More on the Cl...Open Source Insight: Open Source 360 Survey, DockerCon 2017, & More on the Cl...
Open Source Insight: Open Source 360 Survey, DockerCon 2017, & More on the Cl...Black Duck by Synopsys
 
You Can’t Live Without Open Source - Results from the Open Source 360 Survey
You Can’t Live Without Open Source - Results from the Open Source 360 SurveyYou Can’t Live Without Open Source - Results from the Open Source 360 Survey
You Can’t Live Without Open Source - Results from the Open Source 360 SurveyBlack Duck by Synopsys
 
Open Source 360° Survey Key Takeaways
Open Source 360° Survey Key TakeawaysOpen Source 360° Survey Key Takeaways
Open Source 360° Survey Key TakeawaysBlack Duck by Synopsys
 
Welcome & The State of Open Source Security
Welcome & The State of Open Source SecurityWelcome & The State of Open Source Security
Welcome & The State of Open Source SecurityJerika Phelps
 

Recommended

A question of trust - understanding Open Source risks
A question of trust - understanding Open Source risksA question of trust - understanding Open Source risks
A question of trust - understanding Open Source risksTim Mackey
 
PCI and Vulnerability Assessments - What’s Missing?
PCI and Vulnerability Assessments - What’s Missing?PCI and Vulnerability Assessments - What’s Missing?
PCI and Vulnerability Assessments - What’s Missing?Black Duck by Synopsys
 
Q1 2016 Open Source Security Report: Glibc and Beyond
Q1 2016 Open Source Security Report: Glibc and BeyondQ1 2016 Open Source Security Report: Glibc and Beyond
Q1 2016 Open Source Security Report: Glibc and BeyondBlack Duck by Synopsys
 
Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016Black Duck by Synopsys
 
Open Source Insight: Open Source 360 Survey, DockerCon 2017, & More on the Cl...
Open Source Insight: Open Source 360 Survey, DockerCon 2017, & More on the Cl...Open Source Insight: Open Source 360 Survey, DockerCon 2017, & More on the Cl...
Open Source Insight: Open Source 360 Survey, DockerCon 2017, & More on the Cl...Black Duck by Synopsys
 
You Can’t Live Without Open Source - Results from the Open Source 360 Survey
You Can’t Live Without Open Source - Results from the Open Source 360 SurveyYou Can’t Live Without Open Source - Results from the Open Source 360 Survey
You Can’t Live Without Open Source - Results from the Open Source 360 SurveyBlack Duck by Synopsys
 
Open Source 360° Survey Key Takeaways
Open Source 360° Survey Key TakeawaysOpen Source 360° Survey Key Takeaways
Open Source 360° Survey Key TakeawaysBlack Duck by Synopsys
 
Welcome & The State of Open Source Security
Welcome & The State of Open Source SecurityWelcome & The State of Open Source Security
Welcome & The State of Open Source SecurityJerika Phelps
 
Software Security Assurance for Devops
Software Security Assurance for DevopsSoftware Security Assurance for Devops
Software Security Assurance for DevopsJerika Phelps
 
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...Jerika Phelps
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour... The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...WhiteSource
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOpsBlack Duck by Synopsys
 
RVAsec Bill Weinberg Open Source Hygiene Presentation
RVAsec Bill Weinberg Open Source Hygiene PresentationRVAsec Bill Weinberg Open Source Hygiene Presentation
RVAsec Bill Weinberg Open Source Hygiene PresentationBlack Duck by Synopsys
 
Keynote - Lou Shipley
Keynote - Lou ShipleyKeynote - Lou Shipley
Keynote - Lou ShipleyJerika Phelps
 
Open Source: The Legal & Security Implications for the Connected Car
Open Source: The Legal & Security Implications for the Connected CarOpen Source: The Legal & Security Implications for the Connected Car
Open Source: The Legal & Security Implications for the Connected CarBlack Duck by Synopsys
 
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...WhiteSource
 
The State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource WebinarThe State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource WebinarWhiteSource
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsTim Mackey
 
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...Black Duck by Synopsys
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersDevOps.com
 
2015 Future of Open Source Survey Results
2015 Future of Open Source Survey Results2015 Future of Open Source Survey Results
2015 Future of Open Source Survey ResultsBlack Duck by Synopsys
 
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Black Duck by Synopsys
 
Black Duck Software’s 2014 Review
Black Duck Software’s 2014 ReviewBlack Duck Software’s 2014 Review
Black Duck Software’s 2014 ReviewBlack Duck by Synopsys
 
Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...
Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...
Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...Black Duck by Synopsys
 
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing Scam
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing ScamOpen Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing Scam
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing ScamBlack Duck by Synopsys
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementWhiteSource
 
Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!DevOps.com
 
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Black Duck by Synopsys
 
DevSecOps: Minimizing Risk, Improving Security
DevSecOps: Minimizing Risk, Improving SecurityDevSecOps: Minimizing Risk, Improving Security
DevSecOps: Minimizing Risk, Improving SecurityFranklin Mosley
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Sonatype
 

More Related Content

What's hot

Software Security Assurance for Devops
Software Security Assurance for DevopsSoftware Security Assurance for Devops
Software Security Assurance for DevopsJerika Phelps
 
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...Jerika Phelps
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour... The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...WhiteSource
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOpsBlack Duck by Synopsys
 
RVAsec Bill Weinberg Open Source Hygiene Presentation
RVAsec Bill Weinberg Open Source Hygiene PresentationRVAsec Bill Weinberg Open Source Hygiene Presentation
RVAsec Bill Weinberg Open Source Hygiene PresentationBlack Duck by Synopsys
 
Keynote - Lou Shipley
Keynote - Lou ShipleyKeynote - Lou Shipley
Keynote - Lou ShipleyJerika Phelps
 
Open Source: The Legal & Security Implications for the Connected Car
Open Source: The Legal & Security Implications for the Connected CarOpen Source: The Legal & Security Implications for the Connected Car
Open Source: The Legal & Security Implications for the Connected CarBlack Duck by Synopsys
 
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...WhiteSource
 
The State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource WebinarThe State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource WebinarWhiteSource
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsTim Mackey
 
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...Black Duck by Synopsys
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersDevOps.com
 
2015 Future of Open Source Survey Results
2015 Future of Open Source Survey Results2015 Future of Open Source Survey Results
2015 Future of Open Source Survey ResultsBlack Duck by Synopsys
 
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Black Duck by Synopsys
 
Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...
Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...
Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...Black Duck by Synopsys
 
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing Scam
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing ScamOpen Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing Scam
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing ScamBlack Duck by Synopsys
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementWhiteSource
 
Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!DevOps.com
 
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Black Duck by Synopsys
 

What's hot (20)

Software Security Assurance for Devops
Software Security Assurance for DevopsSoftware Security Assurance for Devops
Software Security Assurance for Devops
 
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour... The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOps
 
RVAsec Bill Weinberg Open Source Hygiene Presentation
RVAsec Bill Weinberg Open Source Hygiene PresentationRVAsec Bill Weinberg Open Source Hygiene Presentation
RVAsec Bill Weinberg Open Source Hygiene Presentation
 
Keynote - Lou Shipley
Keynote - Lou ShipleyKeynote - Lou Shipley
Keynote - Lou Shipley
 
Open Source: The Legal & Security Implications for the Connected Car
Open Source: The Legal & Security Implications for the Connected CarOpen Source: The Legal & Security Implications for the Connected Car
Open Source: The Legal & Security Implications for the Connected Car
 
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
 
The State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource WebinarThe State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource Webinar
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptions
 
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
 
2015 Future of Open Source Survey Results
2015 Future of Open Source Survey Results2015 Future of Open Source Survey Results
2015 Future of Open Source Survey Results
 
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
 
Black Duck Software’s 2014 Review
Black Duck Software’s 2014 ReviewBlack Duck Software’s 2014 Review
Black Duck Software’s 2014 Review
 
Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...
Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...
Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...
 
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing Scam
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing ScamOpen Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing Scam
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing Scam
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities Management
 
Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!
 
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
 

Similar to Open Source 360 Survey Results

DevSecOps: Minimizing Risk, Improving Security
DevSecOps: Minimizing Risk, Improving SecurityDevSecOps: Minimizing Risk, Improving Security
DevSecOps: Minimizing Risk, Improving SecurityFranklin Mosley
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Sonatype
 
2016 Future of Open Source Survey Results
2016 Future of Open Source Survey Results2016 Future of Open Source Survey Results
2016 Future of Open Source Survey ResultsBlack Duck by Synopsys
 
Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software Survey Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software SurveySonatype
 
IIA4: Open Source and the Enterprise ( Predix Transform 2016)
IIA4: Open Source and the Enterprise ( Predix Transform 2016)IIA4: Open Source and the Enterprise ( Predix Transform 2016)
IIA4: Open Source and the Enterprise ( Predix Transform 2016)Predix
 
Trends in Enterprise Open Source Programs
Trends in Enterprise Open Source ProgramsTrends in Enterprise Open Source Programs
Trends in Enterprise Open Source ProgramsThe New Stack
 
2016 Future of Open Source Study
2016 Future of Open Source Study2016 Future of Open Source Study
2016 Future of Open Source StudyNorth Bridge
 
Compliance in the 2016 Future of Open Source
Compliance in the 2016 Future of Open SourceCompliance in the 2016 Future of Open Source
Compliance in the 2016 Future of Open SourceBlack Duck by Synopsys
 
eb-The-State-of-API-Security.pdf
eb-The-State-of-API-Security.pdfeb-The-State-of-API-Security.pdf
eb-The-State-of-API-Security.pdfSajid Ali
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
 
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?Sonatype
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Security Innovation
 
Tackling the Risks of Open Source Security: 5 Things You Need to Know
Tackling the Risks of Open Source Security: 5 Things You Need to KnowTackling the Risks of Open Source Security: 5 Things You Need to Know
Tackling the Risks of Open Source Security: 5 Things You Need to KnowWhiteSource
 
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...Tunde Ogunkoya
 
AtlassianDevOpsTrendsSurvey2020.pdf
AtlassianDevOpsTrendsSurvey2020.pdfAtlassianDevOpsTrendsSurvey2020.pdf
AtlassianDevOpsTrendsSurvey2020.pdfPrasannaKumarN8
 
5 things about os sharon webinar final
5 things about os sharon webinar final5 things about os sharon webinar final
5 things about os sharon webinar finalDevOps.com
 
Cloud bees and forester open source is not enough
Cloud bees and forester open source is not enough Cloud bees and forester open source is not enough
Cloud bees and forester open source is not enough Jules Pierre-Louis
 
OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015Rogue Wave Software
 

Similar to Open Source 360 Survey Results (20)

DevSecOps: Minimizing Risk, Improving Security
DevSecOps: Minimizing Risk, Improving SecurityDevSecOps: Minimizing Risk, Improving Security
DevSecOps: Minimizing Risk, Improving Security
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...
 
2016 Future of Open Source Survey Results
2016 Future of Open Source Survey Results2016 Future of Open Source Survey Results
2016 Future of Open Source Survey Results
 
Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software Survey Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software Survey
 
IIA4: Open Source and the Enterprise ( Predix Transform 2016)
IIA4: Open Source and the Enterprise ( Predix Transform 2016)IIA4: Open Source and the Enterprise ( Predix Transform 2016)
IIA4: Open Source and the Enterprise ( Predix Transform 2016)
 
Trends in Enterprise Open Source Programs
Trends in Enterprise Open Source ProgramsTrends in Enterprise Open Source Programs
Trends in Enterprise Open Source Programs
 
2016 Future of Open Source Study
2016 Future of Open Source Study2016 Future of Open Source Study
2016 Future of Open Source Study
 
Compliance in the 2016 Future of Open Source
Compliance in the 2016 Future of Open SourceCompliance in the 2016 Future of Open Source
Compliance in the 2016 Future of Open Source
 
eb-The-State-of-API-Security.pdf
eb-The-State-of-API-Security.pdfeb-The-State-of-API-Security.pdf
eb-The-State-of-API-Security.pdf
 
Forrester Infographic
Forrester Infographic Forrester Infographic
Forrester Infographic
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization
 
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016
 
Tackling the Risks of Open Source Security: 5 Things You Need to Know
Tackling the Risks of Open Source Security: 5 Things You Need to KnowTackling the Risks of Open Source Security: 5 Things You Need to Know
Tackling the Risks of Open Source Security: 5 Things You Need to Know
 
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
 
Aliens in Your Apps!
Aliens in Your Apps!Aliens in Your Apps!
Aliens in Your Apps!
 
AtlassianDevOpsTrendsSurvey2020.pdf
AtlassianDevOpsTrendsSurvey2020.pdfAtlassianDevOpsTrendsSurvey2020.pdf
AtlassianDevOpsTrendsSurvey2020.pdf
 
5 things about os sharon webinar final
5 things about os sharon webinar final5 things about os sharon webinar final
5 things about os sharon webinar final
 
Cloud bees and forester open source is not enough
Cloud bees and forester open source is not enough Cloud bees and forester open source is not enough
Cloud bees and forester open source is not enough
 
OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015
 

More from Tim Mackey

Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliveryTim Mackey
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementTim Mackey
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Tim Mackey
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryTim Mackey
 
Secure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStackSecure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStackTim Mackey
 
XenServer Design Workshop
XenServer Design WorkshopXenServer Design Workshop
XenServer Design WorkshopTim Mackey
 
XenServer Virtualization In Cloud Environments
XenServer Virtualization In Cloud EnvironmentsXenServer Virtualization In Cloud Environments
XenServer Virtualization In Cloud EnvironmentsTim Mackey
 
Selecting the correct hypervisor for CloudStack 4.5
Selecting the correct hypervisor for CloudStack 4.5Selecting the correct hypervisor for CloudStack 4.5
Selecting the correct hypervisor for CloudStack 4.5Tim Mackey
 
User Transparent Service Migration to the Cloud
User Transparent Service Migration to the CloudUser Transparent Service Migration to the Cloud
User Transparent Service Migration to the CloudTim Mackey
 
CloudOpen Japan - Controlling the cost of your first cloud
CloudOpen Japan - Controlling the cost of your first cloudCloudOpen Japan - Controlling the cost of your first cloud
CloudOpen Japan - Controlling the cost of your first cloudTim Mackey
 
CloudStack Day Japan 2015 - Hypervisor Selection in CloudStack 4.5
CloudStack Day Japan 2015 - Hypervisor Selection in CloudStack 4.5CloudStack Day Japan 2015 - Hypervisor Selection in CloudStack 4.5
CloudStack Day Japan 2015 - Hypervisor Selection in CloudStack 4.5Tim Mackey
 
Taming the cost of your first cloud - CCCEU 2014
Taming the cost of your first cloud - CCCEU 2014Taming the cost of your first cloud - CCCEU 2014
Taming the cost of your first cloud - CCCEU 2014Tim Mackey
 
Using Packer to Migrate XenServer Infrastructure to CloudStack
Using Packer to Migrate XenServer Infrastructure to CloudStackUsing Packer to Migrate XenServer Infrastructure to CloudStack
Using Packer to Migrate XenServer Infrastructure to CloudStackTim Mackey
 
Hypervisor Selection in Apache CloudStack 4.4
Hypervisor Selection in Apache CloudStack 4.4Hypervisor Selection in Apache CloudStack 4.4
Hypervisor Selection in Apache CloudStack 4.4Tim Mackey
 
OSCON2014: Understanding Hypervisor Selection in Apache CloudStack
OSCON2014: Understanding Hypervisor Selection in Apache CloudStackOSCON2014: Understanding Hypervisor Selection in Apache CloudStack
OSCON2014: Understanding Hypervisor Selection in Apache CloudStackTim Mackey
 
Make your first CloudStack Cloud successful
Make your first CloudStack Cloud successfulMake your first CloudStack Cloud successful
Make your first CloudStack Cloud successfulTim Mackey
 
Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3Tim Mackey
 
Hypervisor Selection in CloudStack and OpenStack
Hypervisor Selection in CloudStack and OpenStackHypervisor Selection in CloudStack and OpenStack
Hypervisor Selection in CloudStack and OpenStackTim Mackey
 
Hypervisor Selection in CloudStack and OpenStack
Hypervisor Selection in CloudStack and OpenStackHypervisor Selection in CloudStack and OpenStack
Hypervisor Selection in CloudStack and OpenStackTim Mackey
 
Hypervisor Capabilities in Apache CloudStack 4.3
Hypervisor Capabilities in Apache CloudStack 4.3Hypervisor Capabilities in Apache CloudStack 4.3
Hypervisor Capabilities in Apache CloudStack 4.3Tim Mackey
 

More from Tim Mackey (20)

Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability Management
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
Secure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStackSecure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStack
 
XenServer Design Workshop
XenServer Design WorkshopXenServer Design Workshop
XenServer Design Workshop
 
XenServer Virtualization In Cloud Environments
XenServer Virtualization In Cloud EnvironmentsXenServer Virtualization In Cloud Environments
XenServer Virtualization In Cloud Environments
 
Selecting the correct hypervisor for CloudStack 4.5
Selecting the correct hypervisor for CloudStack 4.5Selecting the correct hypervisor for CloudStack 4.5
Selecting the correct hypervisor for CloudStack 4.5
 
User Transparent Service Migration to the Cloud
User Transparent Service Migration to the CloudUser Transparent Service Migration to the Cloud
User Transparent Service Migration to the Cloud
 
CloudOpen Japan - Controlling the cost of your first cloud
CloudOpen Japan - Controlling the cost of your first cloudCloudOpen Japan - Controlling the cost of your first cloud
CloudOpen Japan - Controlling the cost of your first cloud
 
CloudStack Day Japan 2015 - Hypervisor Selection in CloudStack 4.5
CloudStack Day Japan 2015 - Hypervisor Selection in CloudStack 4.5CloudStack Day Japan 2015 - Hypervisor Selection in CloudStack 4.5
CloudStack Day Japan 2015 - Hypervisor Selection in CloudStack 4.5
 
Taming the cost of your first cloud - CCCEU 2014
Taming the cost of your first cloud - CCCEU 2014Taming the cost of your first cloud - CCCEU 2014
Taming the cost of your first cloud - CCCEU 2014
 
Using Packer to Migrate XenServer Infrastructure to CloudStack
Using Packer to Migrate XenServer Infrastructure to CloudStackUsing Packer to Migrate XenServer Infrastructure to CloudStack
Using Packer to Migrate XenServer Infrastructure to CloudStack
 
Hypervisor Selection in Apache CloudStack 4.4
Hypervisor Selection in Apache CloudStack 4.4Hypervisor Selection in Apache CloudStack 4.4
Hypervisor Selection in Apache CloudStack 4.4
 
OSCON2014: Understanding Hypervisor Selection in Apache CloudStack
OSCON2014: Understanding Hypervisor Selection in Apache CloudStackOSCON2014: Understanding Hypervisor Selection in Apache CloudStack
OSCON2014: Understanding Hypervisor Selection in Apache CloudStack
 
Make your first CloudStack Cloud successful
Make your first CloudStack Cloud successfulMake your first CloudStack Cloud successful
Make your first CloudStack Cloud successful
 
Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3
 
Hypervisor Selection in CloudStack and OpenStack
Hypervisor Selection in CloudStack and OpenStackHypervisor Selection in CloudStack and OpenStack
Hypervisor Selection in CloudStack and OpenStack
 
Hypervisor Selection in CloudStack and OpenStack
Hypervisor Selection in CloudStack and OpenStackHypervisor Selection in CloudStack and OpenStack
Hypervisor Selection in CloudStack and OpenStack
 
Hypervisor Capabilities in Apache CloudStack 4.3
Hypervisor Capabilities in Apache CloudStack 4.3Hypervisor Capabilities in Apache CloudStack 4.3
Hypervisor Capabilities in Apache CloudStack 4.3
 

Recently uploaded

Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Open Source 360 Survey Results

  • 3. #OSS360 Black Duck Center for Open Source Research and Innovation 2016-2017 Open Source Security and Risk Analyses Future of Open Source Reports
  • 4. #OSS360 Agenda • Demographics • Open Source Adoption • Open Source Risks • Risk Remediation • A Look to the Future
  • 6. #OSS360 Global Survey Response 819 IT Professionals from 91 countries
  • 7. #OSS360 2% 2% 3% 3% 4% 4% 7% 7% 11% 12% 43% Retail Health Care Media Automotive Manufacturing Government/Military Banking and Financial Services Education Other Consulting Technology/ISV Telecommunications Industry Representation
  • 8. #OSS360 Open Source Awareness is Organization Wide Legal Professional VP/C-Level Executive Development Manager/Director Other Security Professional Systems Architect/CTO IT Operations/DevOps Professional Software Developer 65% of respondents are developers, IT operations, system architects, security professionals
  • 10. #OSS360 60% Increased Open Source Usage 26% Remained Constant Momentum for Open Source Continues to Increase 86% of organizations report Open Source use increased or remained constant
  • 11. #OSS360 Organizations Use Open Source to… 16% 28% 69% 69% 77% Embed in hardware products Develop open source software Power our infrastructure Create customer applications Build internal applications
  • 12. #OSS360 Open Source Fulfills Strategic Objectives 37% 44% 55% 55% 67% 84% Availablity of skilled developers Code quality and security Rate of innovation Functionality Freedom to customize code Low cost with no vendor lock-in
  • 13. #OSS360 Open Source is Core to IT Infrastructure 52% 53% 57% Systems Management/Operating Systems Containers/DevOps/Virtualization/Cloud Computing Development Tools/Software Development Lifecycle
  • 14. #OSS360 The Impact of Open Source is Significant 55% 61% 63% Improves interoperability of systems Improves quality of solutions we build Speeds innovation
  • 16. #OSS360 Organizations Recognize Benefits to Participation 34% 46% 53% Deliver product as open source Encourage active engagement and contributions Fix and enhance existing projects
  • 17. #OSS360 Contributions Reduce Overall Cost of Ownership Shift From 2016 69% Fix Bugs 33% Reduce Costs 37% 38% 49% 55% Gain competitive advantage Fundamental to our product strategy Reduce development and support costs Fix bugs or add functionality
  • 18. #OSS360 Open Source Community Involvement is Healthy and Growing 48% said the number of people contributing to open source in their organization is increasing. 25% have more than 50% of their developers contributing to one or more OSS projects
  • 20. #OSS360 Organizations Understand Open Source Risks …. 53.5% 53.7% 54.6% Comply with open source licenses Monitor project and version usage Aware of known security vulnerabilities
  • 21. #OSS360 …. But Open Source is Still Unmanaged in Most Organizations 60% don’t have a formal process for managing open source or are unaware of one in their organization OVER Other (please specify) 2% I don’t know 16% No, we do not have a formal process 45% Yes - Multiple departmental processes 10% Yes - standardized company-wide process 27% Other 37%
  • 22. #OSS360 Respondents Highlighted Successful Open Source Policies … 33% 39% 39% 42% Policy guidance in developer tools Approved open source licenses Approved open source components Structured review process for components
  • 23. #OSS360 … But Organizations Still Struggle With Enforcement 24% Policy provides recommendations but is not reviewed or enforced 14% Code is manually reviewed but policy is not consistently enforced Only 15% indicated enforcement with automated controls, while 25% review code via manual controls and enforcement
  • 25. #OSS360 Organizations Highlight Ongoing Open Source Risks …. 61% 64% 66% 71% 74% Adherence to internal development policies Exposure of internal systems to exploitation Intellectual property concerns Exploitation of public facing applications Unknown quality of components
  • 26. #OSS360 50% Indicated open source reviews rely primarily on developer information 38% Don’t review code for open source …. But Open Source Reviews Aren’t Thorough 45% review for open source code usage during development
  • 27. #OSS360 Open Source Code Review Models 23% 27% 28% 38% String search and visual inspection Internally developed tools Third party tools No open source code review Over 60% had no structured open source code review process
  • 28. #OSS360 Manual Vulnerability Assessments Challenge Security Orgs 25% have no process for identifying, tracking or remediating known open source vulnerabilities OVER 50% say internal resources manually identify and track remediation of known open source vulnerabilities OVER
  • 29. #OSS360 57% Developers responsible for identifying and tracking open source vulnerabilities 40% Security Team takes ownership of tracking code usage 26% Nobody has explicit responsibility Shift From 2016 50% revealed no team took responsibility for tracking open source vulnerabilities Open Source Security Is a Shared Responsibility
  • 31. #OSS360 2017 Insights • The world’s appetite for open source software continues at a furious pace. • Open source solutions reduce development costs and increase time to market • Awareness of security risks in open source components is increasing • Even if organizations aren’t aware of their open source usage, open source is present in IT workloads in 90% of organizations
  • 32. #OSS360 Open Source is Fundamental to Modern Software Driving Us Forward • Default development model for new apps • Builds on the success of others • Shares critical expertise between orgs • Accelerates product innovation • Solves critical business problems • Improves IT processes
  • 33. #OSS360 Challenges Ahead • Effective management of open source is not keeping pace with its increased usage • High profile vulnerabilities highlight a need for greater security process • Lack of automation opens the door to increased risk
  • 34. #OSS360 Own Your Success – Participate in OSS Communities Active community engagement … • Increases project vibrancy • Ensures project longevity and innovation • Reduces security risks • Ensures bugs are fixed quickly and properly Get involved. Build something amazing. Have fun.

Editor's Notes

  1. Welcome to the Open Source 360 webinar, now in its eleventh year. For those of you have seen the Future of OpenSource Survey from Black Duck and NorthBridge in past years, this is the 2017 incarnation of that work.
  2. We want to extend a thank you to our collaborators, a survey of this magnitude would not be possible without your involvement. Our platinum collatorators extended the reach of the survey and were instrumental in understanding the impact of our results in a global marketplace. They also provided detailed case studies which are part of the slideshare deck on the Black Duck Software slideshare page. Today’s presentation contains a subset of this information and will also be on my slideshare. Attendees will receive links to these decks following our presentation. http://slideshare.net/blackducksoftware
  3. To set the stage for todays webinar, we’re going to start by looking at the core demographics behind the data and from there look at how open source is used in organizations. We’ll cover open source adoption, what “Open Source Risk” risk means, and how to manage and remediate those risks.
  4. The Open Source 360° Survey included global participation from IT professionals in 91 countries. Major technology powerhouses such as the US, Germany, UK, Canada and India featured prominently in the results. Last year’s survey saw responses from 64 countries and the increase is partly attributable to the role open source technologies play in creating technology independence.
  5. Infographic
  6. Infographic
  7. Infographic
  8. Infographic
  9. Infographic
  10. Infographic
  11. Most Organizations Encourage Developers and Contribute Bug Fixes. Some Go Well Beyond That.
  12. Infographic
  13. Infographic
  14. Infographic
  15. Infographic
  16. Infographic
  17. Even if organizations aren’t aware of their open source usage, open source is present in IT workloads in 90% of organizations