Bill Weinberg is Senior Director of Open Source Strategy at Black Duck Software.
Over the last decade, companies have increasingly leveraged open source software (OSS) solutions and participated in OSS communities to reduce costs, speed development, and drive innovation. The growth of projects has made OSS more accessible to enterprises and OEMs, and multiplied its impact across many industries. The results from the 2015 Future of Open Source Survey — sponsored by Black Duck Software and North Bridge — confirm this trend, that the rate of adoption and participation by companies of all sizes has reached an all-time high.
Even end users and companies that have historically bucked this trend, lagging behind with legacy, proprietary technologies, are participating in open source projects. This new embrace of open source arises from the realization that organizations face a competitive disadvantage if not involved in open source development.
While the 2015 Future of Open Source Survey found that OSS has become the default approach for the majority of organizations, it also exposed the scary fact that most have no formal management for open source use or policies and procedures to monitor potential open source-related security and compliance risks.
Record Corporate Use of Open Source
Corporate use of open source has been on the rise for years, and this year’s Future of Open Source Survey results serve as further proof of that trend. Seventy-eight percent of this year’s respondents said their companies run part or all of operations on OSS, with 66 percent reporting their company creates software for customers built on open source – up from the 42 percent in 2010 who said they used open source in the running of their business or IT environments. A staggering 93 percent stated their organization’s usage of open source had increased or remained the same in the past year.
Companies Are Contributing Back to the Community
Companies like Facebook, Netflix, and even Microsoft have made headlines recently for their consumption of open source, in addition to their contributions back to key OSS projects. And, according to this year’s survey results, they’re not the only ones.
Sixty-three percent of respondents said their companies currently participate in open source projects (up 14% from 2014), and over the next 2-3 years 88 percent are expected to increase contributions to open source. These high rates of open source use and participation beg the question: what benefits do these organizations gain from their increased OSS adoption and community involvement?
The Open Source Advantage
As the need for top technical talent becomes paramount across most industries, open source is increasingly recognized as a way to attract and retain the best developers. In fact, more than 50 percent of respondents said participating in open source projects helps their companies find and recruit developer talent.
Beyond recruiting, open source solutions are believed to provide companies with superior security (54%), ability to scale (58%), and competitive features (43%) versus proprietary alternatives. Over the next 2-3 years, the gap between the benefits of open and closed source technologies is expected to widen even further.
On a macro level, survey responses reveal that OSS will impact the biggest current technology trends: cloud computing (39%), big data (35%), and IoT (31%). With the aforementioned benefits of open source, it’s easy to see why.
The Need for Formal Corporate Open Source Policies and Processes
Still, as open source usage grows, this year’s survey found a lack of formal OSS policies, management, and governance.More than 55 percent said they have no formal policies or procedures for open source consumption, and only 27 percent report having a formal policy for employee contributions to OSS projects.
When it comes to management of open source code, a mere 16 percent of respondents reported having an automated code approval process in place, and less than 42 percent maintain an inventory of open source components. With companies integrating and managing thousands of OSS components across dozens of daily builds, handwritten logs and spreadsheets can leave business-critical applications and infrastructure exposed to both security and compliance risks.
More than 50 percent aren’t satisfied with their ability to comprehend the security vulnerabilities present in the OSS components they integrate and deploy, and only 17 percent plan to monitor open source code for security vulnerabilities. Considering that on average, more than 30 percent of software deployed in most enterprises is OSS, these findings validate what we already knew: few organizations have badly needed visibility into open source usage. With more than 4,000 new open source vulnerabilities reported each year, understanding which open source components are used in context across an organization is critical.
This reported lack of corporate polices and processes for open source management and vulnerabilities can potentially expose companies to unnecessary compliance, security, and operational risks. Companies need management and governance of open source to catch up to their usage in order to reduce these risks while continuing to reap the many clear benefits of OSS.
More Corporate Participation = Increased OSS Quality and Security
There is no longer such a thing as proprietary software – all types of modern technology, even heretofore proprietary ones, integrate and/or have dependencies upon open source. That being said, open source must be sensibly managed to minimize risk to business operations, risk from legal issues, and from security threats. Companies need to evolve open source practices from mere consumption to managing and securing open source through appropriate policies and processes, and ultimately to increasing community participation to guide project development and reap greater benefit from the OSS technologies they use.
Black Duck is not alone in making these recommendations. The Future of Open Source Survey results highlight record levels of corporate participation in open source, as well as the greater impact it is having on technology and security. The reported lack of formal company policies and processes for OSS consumption, however, points to a need for management and security practices to catch up with this growth in investment and use.
For more insights into emerging trends in open source, read the full 2015 Future of Open Source Survey Results, which offers statistics from 1,300 industry influencers.