Open Source Usage Up As Controls and Processes Fail

Dr. Dobb's

Published: May 01, 2013 08:00

Sonatype has gone public with the findings of its annual Open Source Development Survey. The study claims to be the "largest of its kind," surveying more than 3,500 developers, architects and IT managers currently using open source.

Key findings "suggest" that much of today's software is assembled from open source components and frameworks downloaded from repositories (at least 80% of the app). But the investigation also proposes that few organizations have the controls or processes to identify which components are in use, to govern their usage, or to eradicate flawed components from production applications.

An overwhelming majority (76% of respondents) said that they have no control over what components are being used in software development projects, and 65% cited a failure to maintain an inventory of components used in production applications.

The firm points out that, just like operating systems and databases, open-source components represent a "potentially rich attack vector" for hackers to exploit, given their commonality across organizations and applications. So much so that, for the first time, the Open Web Application Security Project (OWASP) Top Ten list includes "using components with known vulnerabilities" as a top threat to application security, at #9.
