Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Control and security of corporate open-source projects proves difficult

Ellen Messmer | May 2, 2013
Sonatype's annual survey of 3,500 software developers and shows struggle in setting corporate policy on open source and enforcing it

When asked about whether policy restricted component usage based on specific license or license type, 20% said their policy did not. The remainder said "yes," with 29% indicating they examined every component but not its dependencies, and 51% saying they examined all components and dependencies.

When asked if their organizations maintain an inventory of open-source components used in production applications, 35% said yes, 45% said no, and the remainder said "yes, for all components but NOT their dependencies."

"Developers are acknowledging that components make up a large part of their application development." While there's still a lot of custom code written in C, for example, for Web applications, he says, the adoption of open source is now a way of life for both the enterprise and vendors, Jackson said.

But challenges remain in adequately tracking open-source usage and any flaws that identified by the open-source community, especially in the large libraries that have become foundations of application development that widely used. "Finding a flaw in a library is not much different than finding a flaw in an operating system," Jackson concluded.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.