Are You Relying Too Much on Open Source Software?

While many businesses rely heavily on open-source software (OSS) to speed up their digital efforts, a new study from VMware Tanzu suggests that IT executives are also aware of the associated risks.

The report claims that 95% of organizations use OSS in production, with larger enterprises (1,000+ employees) the most likely to use community open source.

They see several advantages to OSS in production, including lower costs, more flexibility, a large community that serves as support, and improved developer productivity.

They are also concerned about the many cybersecurity dangers associated with open-source software.

Using open-source software means relying on the community to address bugs and patch flaws. The majority of respondents (63%) agree there are no assurances that vulnerabilities will be fixed or patched, while 54% find it difficult to stay up to date on flaws in OSS code.

Too many cooks spoil the broth.

Two-thirds of respondents cited difficulties in packaging OSS for production, as well as questions of ownership. Many are unsure whether their dependencies are compliant, while others struggle to keep track of the dependencies their package managers have installed.

One in ten businesses utilizes no tools at all for packaging, while two-thirds use multiple tools, which only adds to the complexity. While the majority (65%) have at least one team dedicated to OSS packaging, some organizations have up to five teams involved.

In most organizations, the security team does not have final responsibility for validating and authorizing OSS in production; only in a tenth of organizations does it.

In addition, over half (54%) use different security tools for OSS than they do for other software.