Tim Mackey, profile picture
Uploaded byTim Mackey
PPTX, PDF1,252 views

Open Source 360 Survey Results

This document summarizes the findings of a survey about open source software usage. It finds that open source usage has increased significantly and is now core to most organizations' IT infrastructure. However, many organizations still do not have formal processes for managing open source use and risks. Common risks include unreviewed code, lack of responsibility for security issues, and incomplete vulnerability tracking. The document recommends that organizations improve open source governance, automate reviews, and participate more actively in open source communities to help address ongoing risks from open source use.

Embed presentation

Downloaded 21 times
#OSS360
#OSS360 Collaborators Platinum CollaboratorsCollaborators
#OSS360 Black Duck Center for Open Source Research and Innovation 2016-2017 Open Source Security and Risk Analyses Future of Open Source Reports
#OSS360 Agenda • Demographics • Open Source Adoption • Open Source Risks • Risk Remediation • A Look to the Future
#OSS360 DEMOGRAPHICS
#OSS360 Global Survey Response 819 IT Professionals from 91 countries
#OSS360 2% 2% 3% 3% 4% 4% 7% 7% 11% 12% 43% Retail Health Care Media Automotive Manufacturing Government/Military Banking and Financial Services Education Other Consulting Technology/ISV Telecommunications Industry Representation
#OSS360 Open Source Awareness is Organization Wide Legal Professional VP/C-Level Executive Development Manager/Director Other Security Professional Systems Architect/CTO IT Operations/DevOps Professional Software Developer 65% of respondents are developers, IT operations, system architects, security professionals
#OSS360 USAGE
#OSS360 60% Increased Open Source Usage 26% Remained Constant Momentum for Open Source Continues to Increase 86% of organizations report Open Source use increased or remained constant
#OSS360 Organizations Use Open Source to… 16% 28% 69% 69% 77% Embed in hardware products Develop open source software Power our infrastructure Create customer applications Build internal applications
#OSS360 Open Source Fulfills Strategic Objectives 37% 44% 55% 55% 67% 84% Availablity of skilled developers Code quality and security Rate of innovation Functionality Freedom to customize code Low cost with no vendor lock-in
#OSS360 Open Source is Core to IT Infrastructure 52% 53% 57% Systems Management/Operating Systems Containers/DevOps/Virtualization/Cloud Computing Development Tools/Software Development Lifecycle
#OSS360 The Impact of Open Source is Significant 55% 61% 63% Improves interoperability of systems Improves quality of solutions we build Speeds innovation
#OSS360 CONTRIBUTION
#OSS360 Organizations Recognize Benefits to Participation 34% 46% 53% Deliver product as open source Encourage active engagement and contributions Fix and enhance existing projects
#OSS360 Contributions Reduce Overall Cost of Ownership Shift From 2016 69% Fix Bugs 33% Reduce Costs 37% 38% 49% 55% Gain competitive advantage Fundamental to our product strategy Reduce development and support costs Fix bugs or add functionality
#OSS360 Open Source Community Involvement is Healthy and Growing 48% said the number of people contributing to open source in their organization is increasing. 25% have more than 50% of their developers contributing to one or more OSS projects
#OSS360 POLICY and GOVERNANCE
#OSS360 Organizations Understand Open Source Risks …. 53.5% 53.7% 54.6% Comply with open source licenses Monitor project and version usage Aware of known security vulnerabilities
#OSS360 …. But Open Source is Still Unmanaged in Most Organizations 60% don’t have a formal process for managing open source or are unaware of one in their organization OVER Other (please specify) 2% I don’t know 16% No, we do not have a formal process 45% Yes - Multiple departmental processes 10% Yes - standardized company-wide process 27% Other 37%
#OSS360 Respondents Highlighted Successful Open Source Policies … 33% 39% 39% 42% Policy guidance in developer tools Approved open source licenses Approved open source components Structured review process for components
#OSS360 … But Organizations Still Struggle With Enforcement 24% Policy provides recommendations but is not reviewed or enforced 14% Code is manually reviewed but policy is not consistently enforced Only 15% indicated enforcement with automated controls, while 25% review code via manual controls and enforcement
#OSS360 RISK
#OSS360 Organizations Highlight Ongoing Open Source Risks …. 61% 64% 66% 71% 74% Adherence to internal development policies Exposure of internal systems to exploitation Intellectual property concerns Exploitation of public facing applications Unknown quality of components
#OSS360 50% Indicated open source reviews rely primarily on developer information 38% Don’t review code for open source …. But Open Source Reviews Aren’t Thorough 45% review for open source code usage during development
#OSS360 Open Source Code Review Models 23% 27% 28% 38% String search and visual inspection Internally developed tools Third party tools No open source code review Over 60% had no structured open source code review process
#OSS360 Manual Vulnerability Assessments Challenge Security Orgs 25% have no process for identifying, tracking or remediating known open source vulnerabilities OVER 50% say internal resources manually identify and track remediation of known open source vulnerabilities OVER
#OSS360 57% Developers responsible for identifying and tracking open source vulnerabilities 40% Security Team takes ownership of tracking code usage 26% Nobody has explicit responsibility Shift From 2016 50% revealed no team took responsibility for tracking open source vulnerabilities Open Source Security Is a Shared Responsibility
#OSS360 LOOKING FORWARD
#OSS360 2017 Insights • The world’s appetite for open source software continues at a furious pace. • Open source solutions reduce development costs and increase time to market • Awareness of security risks in open source components is increasing • Even if organizations aren’t aware of their open source usage, open source is present in IT workloads in 90% of organizations
#OSS360 Open Source is Fundamental to Modern Software Driving Us Forward • Default development model for new apps • Builds on the success of others • Shares critical expertise between orgs • Accelerates product innovation • Solves critical business problems • Improves IT processes
#OSS360 Challenges Ahead • Effective management of open source is not keeping pace with its increased usage • High profile vulnerabilities highlight a need for greater security process • Lack of automation opens the door to increased risk
#OSS360 Own Your Success – Participate in OSS Communities Active community engagement … • Increases project vibrancy • Ensures project longevity and innovation • Reduces security risks • Ensures bugs are fixed quickly and properly Get involved. Build something amazing. Have fun.
#OSS360 Questions?
#OSS360 Thank You! Platinum CollaboratorsCollaborators

More Related Content

PDF
You Can’t Live Without Open Source - Results from the Open Source 360 Survey
byBlack Duck by Synopsys
 
PDF
Open Source 360° Survey Key Takeaways
byBlack Duck by Synopsys
 
PPTX
A question of trust - understanding Open Source risks
byTim Mackey
 
PPTX
Welcome & The State of Open Source Security
byJerika Phelps
 
PPTX
Open Source Insight: Open Source 360 Survey, DockerCon 2017, & More on the Cl...
byBlack Duck by Synopsys
 
PDF
PCI and Vulnerability Assessments - What’s Missing?
byBlack Duck by Synopsys
 
PDF
Q1 2016 Open Source Security Report: Glibc and Beyond
byBlack Duck by Synopsys
 
PDF
Open Source Outlook: Expected Developments for 2016
byBlack Duck by Synopsys
 
You Can’t Live Without Open Source - Results from the Open Source 360 Survey
byBlack Duck by Synopsys
 
Open Source 360° Survey Key Takeaways
byBlack Duck by Synopsys
 
A question of trust - understanding Open Source risks
byTim Mackey
 
Welcome & The State of Open Source Security
byJerika Phelps
 
Open Source Insight: Open Source 360 Survey, DockerCon 2017, & More on the Cl...
byBlack Duck by Synopsys
 
PCI and Vulnerability Assessments - What’s Missing?
byBlack Duck by Synopsys
 
Q1 2016 Open Source Security Report: Glibc and Beyond
byBlack Duck by Synopsys
 
Open Source Outlook: Expected Developments for 2016
byBlack Duck by Synopsys
 

What's hot

PPTX
Software Security Assurance for DevOps
byBlack Duck by Synopsys
 
PDF
The State of Open Source Vulnerabilities Management
byWhiteSource
 
PPTX
The State of Open Source Vulnerabilities - A WhiteSource Webinar
byWhiteSource
 
PPTX
2015 Future of Open Source Survey Results
byBlack Duck by Synopsys
 
PDF
Security & DevOps - What We Have Here Is a Failure to Communicate!
byDevOps.com
 
PPTX
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
byBlack Duck by Synopsys
 
PPTX
Black Duck Software’s 2014 Review
byBlack Duck by Synopsys
 
PPTX
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
byWhiteSource
 
PPTX
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
byWhiteSource
 
PPTX
Software Security Assurance for Devops
byJerika Phelps
 
PPTX
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
byBlack Duck by Synopsys
 
PPTX
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...
byBlack Duck by Synopsys
 
PPTX
Keynote - Lou Shipley
byJerika Phelps
 
PPTX
RVAsec Bill Weinberg Open Source Hygiene Presentation
byBlack Duck by Synopsys
 
PPTX
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
byDevOps.com
 
PPTX
Security in the age of open source - Myths and misperceptions
byTim Mackey
 
PPTX
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing Scam
byBlack Duck by Synopsys
 
PPTX
Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...
byBlack Duck by Synopsys
 
PDF
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
byJerika Phelps
 
PPTX
Open Source: The Legal & Security Implications for the Connected Car
byBlack Duck by Synopsys
 
Software Security Assurance for DevOps
byBlack Duck by Synopsys
 
The State of Open Source Vulnerabilities Management
byWhiteSource
 
The State of Open Source Vulnerabilities - A WhiteSource Webinar
byWhiteSource
 
2015 Future of Open Source Survey Results
byBlack Duck by Synopsys
 
Security & DevOps - What We Have Here Is a Failure to Communicate!
byDevOps.com
 
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
byBlack Duck by Synopsys
 
Black Duck Software’s 2014 Review
byBlack Duck by Synopsys
 
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
byWhiteSource
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
byWhiteSource
 
Software Security Assurance for Devops
byJerika Phelps
 
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
byBlack Duck by Synopsys
 
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...
byBlack Duck by Synopsys
 
Keynote - Lou Shipley
byJerika Phelps
 
RVAsec Bill Weinberg Open Source Hygiene Presentation
byBlack Duck by Synopsys
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
byDevOps.com
 
Security in the age of open source - Myths and misperceptions
byTim Mackey
 
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing Scam
byBlack Duck by Synopsys
 
Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se...
byBlack Duck by Synopsys
 
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
byJerika Phelps
 
Open Source: The Legal & Security Implications for the Connected Car
byBlack Duck by Synopsys
 

Similar to Open Source 360 Survey Results

PPTX
Managing Open Source in Application Security and Software Development Lifecycle
byBlack Duck by Synopsys
 
PDF
Winning open source vulnerabilities without loosing your deveopers - Azure De...
byWhiteSource
 
PDF
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
byParis Open Source Summit
 
PPTX
The Role of In-House & External Counsel in Managing Open Source Software
byFlexera
 
PDF
Leveraging Open Source Opportunity in the Public Sector Without the Risk
byProtecode
 
PDF
2016 Future of Open Source Survey Results
byBlack Duck by Synopsys
 
PDF
Sonatype's 2013 OSS Software Survey
bySonatype
 
PPTX
OSS has taken over the enterprise: The top five OSS trends of 2015
byRogue Wave Software
 
PPT
Ten Elements of Open Source Governance
byRogue Wave Software
 
ODP
Open Source In Further Education
byRoss Gardler
 
PDF
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
byFINOS
 
PDF
Open source software: The infrastructure impact
byRogue Wave Software
 
PPT
Safeguarding Against the Risks of Improper Open Source Licensing - Valuable...
byActiveState
 
PDF
DevOps and Open Source Software Continuous Compliance
bySource Code Control Limited
 
PPTX
Open Source Security - It can be done easily.
byFlexera
 
PDF
OWF14 - Plenary Session : David Jones, Chief Solutions Architect, Sonatype
byParis Open Source Summit
 
PPTX
Four Steps to Creating an Effective Open Source Policy
byBlack Duck by Synopsys
 
PPTX
Leveraging Open Source Opportunity in the Public Sector Without the Risk
bySource Code Control Limited
 
PDF
Webinar–2019 Open Source Risk Analysis Report
bySynopsys Software Integrity Group
 
PDF
Webinar–Open Source Risk in M&A by the Numbers
bySynopsys Software Integrity Group
 
Managing Open Source in Application Security and Software Development Lifecycle
byBlack Duck by Synopsys
 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
byWhiteSource
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
byParis Open Source Summit
 
The Role of In-House & External Counsel in Managing Open Source Software
byFlexera
 
Leveraging Open Source Opportunity in the Public Sector Without the Risk
byProtecode
 
2016 Future of Open Source Survey Results
byBlack Duck by Synopsys
 
Sonatype's 2013 OSS Software Survey
bySonatype
 
OSS has taken over the enterprise: The top five OSS trends of 2015
byRogue Wave Software
 
Ten Elements of Open Source Governance
byRogue Wave Software
 
Open Source In Further Education
byRoss Gardler
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
byFINOS
 
Open source software: The infrastructure impact
byRogue Wave Software
 
Safeguarding Against the Risks of Improper Open Source Licensing - Valuable...
byActiveState
 
DevOps and Open Source Software Continuous Compliance
bySource Code Control Limited
 
Open Source Security - It can be done easily.
byFlexera
 
OWF14 - Plenary Session : David Jones, Chief Solutions Architect, Sonatype
byParis Open Source Summit
 
Four Steps to Creating an Effective Open Source Policy
byBlack Duck by Synopsys
 
Leveraging Open Source Opportunity in the Public Sector Without the Risk
bySource Code Control Limited
 
Webinar–2019 Open Source Risk Analysis Report
bySynopsys Software Integrity Group
 
Webinar–Open Source Risk in M&A by the Numbers
bySynopsys Software Integrity Group
 

More from Tim Mackey

PPTX
The How and Why of Container Vulnerability Management
byTim Mackey
 
PPTX
XenServer Design Workshop
byTim Mackey
 
PPTX
Selecting the correct hypervisor for CloudStack 4.5
byTim Mackey
 
PPTX
Hypervisor Selection in Apache CloudStack 4.4
byTim Mackey
 
PPTX
XenServer Virtualization In Cloud Environments
byTim Mackey
 
PPTX
Using Packer to Migrate XenServer Infrastructure to CloudStack
byTim Mackey
 
PPTX
Secure application deployment in the age of continuous delivery
byTim Mackey
 
PPTX
Secure application deployment in Apache CloudStack
byTim Mackey
 
PPTX
Secure Application Development in the Age of Continuous Delivery
byTim Mackey
 
PPTX
Using hypervisor and container technology to increase datacenter security pos...
byTim Mackey
 
PPTX
Make your first CloudStack Cloud successful
byTim Mackey
 
PPTX
Taming the cost of your first cloud - CCCEU 2014
byTim Mackey
 
PPTX
CloudOpen Japan - Controlling the cost of your first cloud
byTim Mackey
 
PPTX
CloudStack Day Japan 2015 - Hypervisor Selection in CloudStack 4.5
byTim Mackey
 
PDF
Decisions behind hypervisor selection in CloudStack 4.3
byTim Mackey
 
PPTX
Hypervisor Selection in CloudStack and OpenStack
byTim Mackey
 
PPTX
Hypervisor Selection in CloudStack and OpenStack
byTim Mackey
 
PPTX
Hypervisor Capabilities in Apache CloudStack 4.3
byTim Mackey
 
PPTX
OSCON2014: Understanding Hypervisor Selection in Apache CloudStack
byTim Mackey
 
PPTX
User Transparent Service Migration to the Cloud
byTim Mackey
 
The How and Why of Container Vulnerability Management
byTim Mackey
 
XenServer Design Workshop
byTim Mackey
 
Selecting the correct hypervisor for CloudStack 4.5
byTim Mackey
 
Hypervisor Selection in Apache CloudStack 4.4
byTim Mackey
 
XenServer Virtualization In Cloud Environments
byTim Mackey
 
Using Packer to Migrate XenServer Infrastructure to CloudStack
byTim Mackey
 
Secure application deployment in the age of continuous delivery
byTim Mackey
 
Secure application deployment in Apache CloudStack
byTim Mackey
 
Secure Application Development in the Age of Continuous Delivery
byTim Mackey
 
Using hypervisor and container technology to increase datacenter security pos...
byTim Mackey
 
Make your first CloudStack Cloud successful
byTim Mackey
 
Taming the cost of your first cloud - CCCEU 2014
byTim Mackey
 
CloudOpen Japan - Controlling the cost of your first cloud
byTim Mackey
 
CloudStack Day Japan 2015 - Hypervisor Selection in CloudStack 4.5
byTim Mackey
 
Decisions behind hypervisor selection in CloudStack 4.3
byTim Mackey
 
Hypervisor Selection in CloudStack and OpenStack
byTim Mackey
 
Hypervisor Selection in CloudStack and OpenStack
byTim Mackey
 
Hypervisor Capabilities in Apache CloudStack 4.3
byTim Mackey
 
OSCON2014: Understanding Hypervisor Selection in Apache CloudStack
byTim Mackey
 
User Transparent Service Migration to the Cloud
byTim Mackey
 

Recently uploaded

PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
AI Technology important knowledge ......
byutkarshj2007
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 

Open Source 360 Survey Results

  • 1.
  • 2.
  • 3.
    #OSS360 Black Duck Centerfor Open Source Research and Innovation 2016-2017 Open Source Security and Risk Analyses Future of Open Source Reports
  • 4.
    #OSS360 Agenda • Demographics • OpenSource Adoption • Open Source Risks • Risk Remediation • A Look to the Future
  • 5.
  • 6.
    #OSS360 Global Survey Response 819IT Professionals from 91 countries
  • 7.
    #OSS360 2% 2% 3% 3% 4% 4% 7% 7% 11% 12% 43% Retail Health Care Media Automotive Manufacturing Government/Military Banking andFinancial Services Education Other Consulting Technology/ISV Telecommunications Industry Representation
  • 8.
    #OSS360 Open Source Awarenessis Organization Wide Legal Professional VP/C-Level Executive Development Manager/Director Other Security Professional Systems Architect/CTO IT Operations/DevOps Professional Software Developer 65% of respondents are developers, IT operations, system architects, security professionals
  • 9.
  • 10.
    #OSS360 60% Increased OpenSource Usage 26% Remained Constant Momentum for Open Source Continues to Increase 86% of organizations report Open Source use increased or remained constant
  • 11.
    #OSS360 Organizations Use OpenSource to… 16% 28% 69% 69% 77% Embed in hardware products Develop open source software Power our infrastructure Create customer applications Build internal applications
  • 12.
    #OSS360 Open Source FulfillsStrategic Objectives 37% 44% 55% 55% 67% 84% Availablity of skilled developers Code quality and security Rate of innovation Functionality Freedom to customize code Low cost with no vendor lock-in
  • 13.
    #OSS360 Open Source isCore to IT Infrastructure 52% 53% 57% Systems Management/Operating Systems Containers/DevOps/Virtualization/Cloud Computing Development Tools/Software Development Lifecycle
  • 14.
    #OSS360 The Impact ofOpen Source is Significant 55% 61% 63% Improves interoperability of systems Improves quality of solutions we build Speeds innovation
  • 15.
  • 16.
    #OSS360 Organizations Recognize Benefitsto Participation 34% 46% 53% Deliver product as open source Encourage active engagement and contributions Fix and enhance existing projects
  • 17.
    #OSS360 Contributions Reduce OverallCost of Ownership Shift From 2016 69% Fix Bugs 33% Reduce Costs 37% 38% 49% 55% Gain competitive advantage Fundamental to our product strategy Reduce development and support costs Fix bugs or add functionality
  • 18.
    #OSS360 Open Source CommunityInvolvement is Healthy and Growing 48% said the number of people contributing to open source in their organization is increasing. 25% have more than 50% of their developers contributing to one or more OSS projects
  • 19.
  • 20.
    #OSS360 Organizations Understand OpenSource Risks …. 53.5% 53.7% 54.6% Comply with open source licenses Monitor project and version usage Aware of known security vulnerabilities
  • 21.
    #OSS360 …. But OpenSource is Still Unmanaged in Most Organizations 60% don’t have a formal process for managing open source or are unaware of one in their organization OVER Other (please specify) 2% I don’t know 16% No, we do not have a formal process 45% Yes - Multiple departmental processes 10% Yes - standardized company-wide process 27% Other 37%
  • 22.
    #OSS360 Respondents Highlighted SuccessfulOpen Source Policies … 33% 39% 39% 42% Policy guidance in developer tools Approved open source licenses Approved open source components Structured review process for components
  • 23.
    #OSS360 … But OrganizationsStill Struggle With Enforcement 24% Policy provides recommendations but is not reviewed or enforced 14% Code is manually reviewed but policy is not consistently enforced Only 15% indicated enforcement with automated controls, while 25% review code via manual controls and enforcement
  • 24.
  • 25.
    #OSS360 Organizations Highlight OngoingOpen Source Risks …. 61% 64% 66% 71% 74% Adherence to internal development policies Exposure of internal systems to exploitation Intellectual property concerns Exploitation of public facing applications Unknown quality of components
  • 26.
    #OSS360 50% Indicated opensource reviews rely primarily on developer information 38% Don’t review code for open source …. But Open Source Reviews Aren’t Thorough 45% review for open source code usage during development
  • 27.
    #OSS360 Open Source CodeReview Models 23% 27% 28% 38% String search and visual inspection Internally developed tools Third party tools No open source code review Over 60% had no structured open source code review process
  • 28.
    #OSS360 Manual Vulnerability AssessmentsChallenge Security Orgs 25% have no process for identifying, tracking or remediating known open source vulnerabilities OVER 50% say internal resources manually identify and track remediation of known open source vulnerabilities OVER
  • 29.
    #OSS360 57% Developers responsiblefor identifying and tracking open source vulnerabilities 40% Security Team takes ownership of tracking code usage 26% Nobody has explicit responsibility Shift From 2016 50% revealed no team took responsibility for tracking open source vulnerabilities Open Source Security Is a Shared Responsibility
  • 30.
  • 31.
    #OSS360 2017 Insights • Theworld’s appetite for open source software continues at a furious pace. • Open source solutions reduce development costs and increase time to market • Awareness of security risks in open source components is increasing • Even if organizations aren’t aware of their open source usage, open source is present in IT workloads in 90% of organizations
  • 32.
    #OSS360 Open Source isFundamental to Modern Software Driving Us Forward • Default development model for new apps • Builds on the success of others • Shares critical expertise between orgs • Accelerates product innovation • Solves critical business problems • Improves IT processes
  • 33.
    #OSS360 Challenges Ahead • Effectivemanagement of open source is not keeping pace with its increased usage • High profile vulnerabilities highlight a need for greater security process • Lack of automation opens the door to increased risk
  • 34.
    #OSS360 Own Your Success– Participate in OSS Communities Active community engagement … • Increases project vibrancy • Ensures project longevity and innovation • Reduces security risks • Ensures bugs are fixed quickly and properly Get involved. Build something amazing. Have fun.
  • 35.
  • 36.

Editor's Notes

  • #2 Welcome to the Open Source 360 webinar, now in its eleventh year. For those of you have seen the Future of OpenSource Survey from Black Duck and NorthBridge in past years, this is the 2017 incarnation of that work.
  • #3 We want to extend a thank you to our collaborators, a survey of this magnitude would not be possible without your involvement. Our platinum collatorators extended the reach of the survey and were instrumental in understanding the impact of our results in a global marketplace. They also provided detailed case studies which are part of the slideshare deck on the Black Duck Software slideshare page. Today’s presentation contains a subset of this information and will also be on my slideshare. Attendees will receive links to these decks following our presentation. http://slideshare.net/blackducksoftware
  • #5 To set the stage for todays webinar, we’re going to start by looking at the core demographics behind the data and from there look at how open source is used in organizations. We’ll cover open source adoption, what “Open Source Risk” risk means, and how to manage and remediate those risks.
  • #7 The Open Source 360° Survey included global participation from IT professionals in 91 countries. Major technology powerhouses such as the US, Germany, UK, Canada and India featured prominently in the results. Last year’s survey saw responses from 64 countries and the increase is partly attributable to the role open source technologies play in creating technology independence.
  • #11 Infographic
  • #12 Infographic
  • #13 Infographic
  • #14 Infographic
  • #15 Infographic
  • #16 Infographic
  • #17 Most Organizations Encourage Developers and Contribute Bug Fixes. Some Go Well Beyond That.
  • #21 Infographic
  • #22 Infographic
  • #24 Infographic
  • #26 Infographic
  • #29 Infographic
  • #32 Even if organizations aren’t aware of their open source usage, open source is present in IT workloads in 90% of organizations