Survey: A third of development teams keep open-source records
April 23, 2012
Only 32% of teams maintain a detailed record of the open-source components in their software stacks, according to a survey released today of 2,550 developers, architects and IT managers. This is caused by a variety of factors and can be rectified by having a strong open-source management policy, and by making sure teams enforce it, according to Charles Gold, chief marketing officer of software company Sonatype, which did the survey.
Gold said companies that do not maintain a “bill of materials,” a record of the components in their custom applications, are at risk of security vulnerabilities. “Open-source software does not [prompt] users to update,” he said, adding that fixes for some vulnerabilities have existed for years yet remain unapplied because companies lack insight into the components in their application stacks.
Sonatype's newest product is a repository system called Insight, which the company described as a solution for tracking the bill of materials for components used in open-source projects as part of an open-source governance plan.
Sonatype’s Open Source Software Development Survey also found that only 50% of those surveyed said their company has an open-source software policy, said Gold. For most, he added, the policy is not effective or is crippling development cycles. He said this is both a technical problem and an awareness issue.
The IT department is not always aware of what is assembled in a custom software solution, he said, adding that developers, for the most part, take pieces of open-source code and then write their own custom code on top of it. The problem is that if teams do not create and maintain a bill of materials for what they add, the IT department cannot stay on top of updates or swap out components as needed.
Despite these flaws, Sonatype found that more companies than before are using open-source components, and Gold said that most companies have standardized their infrastructure for using these stacks.
He said that Sonatype recommends that companies looking to establish an effective policy start by creating a bill of materials for all their mission-critical applications, and then educate teams on what can and cannot be used.
Finally, Gold said that teams should look into developing and deploying tools that can manage the open-source software and tools that give IT departments visibility into stacks.
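As an added illustration of the bill-of-materials practice Gold describes (example code, not from Sonatype or the article), the following Python builds a minimal BOM from a Maven pom.xml and flags components that are unpinned or still sit below the version in which a fix shipped. The pom fragment and the fixed-version table are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed sample pom.xml; the groupIds/artifactIds are hypothetical.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>org.example</groupId><artifactId>libone</artifactId><version>1.2.0</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>libtwo</artifactId><version>3.0.1</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>libthree</artifactId></dependency>
  </dependencies>
</project>"""

# Constructed table: component -> first version carrying the relevant fix.
# In practice this would come from vendor advisories or a vulnerability feed.
FIXED_IN = {"org.example:libone": "1.3.0", "org.example:libtwo": "3.0.0"}

POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def parse_version(v):
    # Simplified numeric comparator; non-numeric parts (e.g. SNAPSHOT) count as 0.
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def build_bom(pom_xml):
    # Each BOM entry is (groupId:artifactId, version-or-None).
    root = ET.fromstring(pom_xml)
    bom = []
    for dep in root.findall(".//m:dependencies/m:dependency", POM_NS):
        group = dep.findtext("m:groupId", namespaces=POM_NS)
        artifact = dep.findtext("m:artifactId", namespaces=POM_NS)
        version = dep.findtext("m:version", namespaces=POM_NS)  # None when unpinned
        bom.append((f"{group}:{artifact}", version))
    return bom


def review_bom(bom, fixed_in):
    # Returns (component, declared version, reason) for every entry needing action.
    findings = []
    for name, version in bom:
        if version is None:
            findings.append((name, None, "version not pinned; cannot be audited"))
        elif name in fixed_in and parse_version(version) < parse_version(fixed_in[name]):
            findings.append((name, version, f"fix available since {fixed_in[name]}, not applied"))
    return findings


if __name__ == "__main__":
    for finding in review_bom(build_bom(SAMPLE_POM), FIXED_IN):
        print(finding)
```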