When asked whether policy restricted component usage based on a specific license or license type, 20% said their policy did not. The remainder said "yes," with 29% indicating they examined every component but not its dependencies, and 51% saying they examined all components and dependencies.
When asked if their organizations maintain an inventory of open-source components used in production applications, 35% said yes, 45% said no, and the remainder said "yes, for all components but NOT their dependencies."
"Developers are acknowledging that components make up a large part of their application development." While there's still a lot of custom code written in C, for example, for Web applications, the adoption of open source is now a way of life for both the enterprise and vendors, Jackson said.
But challenges remain in adequately tracking open-source usage and any flaws identified by the open-source community, especially in the large, widely used libraries that have become foundations of application development. "Finding a flaw in a library is not much different than finding a flaw in an operating system," Jackson concluded.