A recap of the main conclusions from our extensive open source usage survey

June 5, 2014 Rami Sass

Main reasons for failing to manage open source effectively

As mentioned in our webinar on the practices of Open Source Software (OSS) usage in software development organizations, we discovered that most organizations (74%) want to manage their open source usage but fail to do so in an effective way.

The reasons for this failure are varied, and many of them come down to the tools and procedures in use.

  • Most companies (53%) do not have an up-to-date inventory of all the open source libraries they use.
  • Most companies do not have a clear policy on open source licenses (75% of surveyed companies), do not have a process for learning about security vulnerabilities in the components they use (74% of them), and leave updates and patches to the discretion of individual developers.
  • Most companies (81%) lack management visibility and consistent governance, leaving this area to individual developers or low-level development teams. The result is inconsistent treatment, license non-compliance, risk to intellectual property, and unaddressed defects and security vulnerabilities.


These efforts are largely ineffective, resulting in unnecessary risk, extra work and hidden costs. The net outcome is that most companies' open source usage is effectively out of control, because it is severely undermanaged.

New technologies such as WhiteSource make it easy to continuously track open source usage and to automatically enforce licensing and security policies. WhiteSource plugs into the build server and becomes a native part of the software development lifecycle without burdening developers. Newly adopted open source modules are discovered as soon as developers add them. Their licenses (and those of all of their transitive dependencies) are automatically compared against the company's licensing policy, triggering the appropriate approve/reject workflow where necessary. WhiteSource continues to track each open source component in use and proactively notifies the responsible project manager when new vulnerabilities or patches are published for it.
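The workflow described above (inventory the components a build pulls in, evaluate every license, including those of transitive dependencies, against a policy, and flag versions covered by a known advisory) can be sketched in a few lines. The following is an added example written for this page; it is not WhiteSource code and does not use a WhiteSource API. The component inventory, the policy and the advisory entry are constructed for illustration, and the policy deliberately routes unknown licenses to "review" rather than silently approving them.

```python
"""Transitive license-policy and known-vulnerability check over a dependency inventory.

Constructed example: the inventory, policy and advisory feed are made up for
illustration and are not real project or vulnerability data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str            # SPDX identifier as reported by the package metadata
    deps: tuple = ()        # names of direct dependencies, resolved via the inventory


# Constructed inventory: what a build-time scan would have discovered.
INVENTORY = {
    "webapp-core": Component("webapp-core", "2.1.0", "Apache-2.0", ("json-fast", "crypto-utils")),
    "json-fast": Component("json-fast", "1.4.2", "MIT", ("tiny-log",)),
    "tiny-log": Component("tiny-log", "0.9.1", "LGPL-2.1-only"),
    "crypto-utils": Component("crypto-utils", "3.0.5", "GPL-3.0-only", ("tiny-log",)),
}

# Constructed company policy, keyed by decision. Order matters only for lookup.
POLICY = {
    "approve": {"MIT", "Apache-2.0", "BSD-3-Clause"},
    "review": {"LGPL-2.1-only", "MPL-2.0"},
    "reject": {"GPL-3.0-only", "AGPL-3.0-only"},
}

# Constructed advisory feed: affected range is [introduced, fixed).
ADVISORIES = [
    {"id": "EXAMPLE-0001", "name": "tiny-log", "introduced": "0.8.0", "fixed": "0.9.3"},
]

RANK = {"approve": 0, "review": 1, "reject": 2}   # worst decision wins


def parse_version(v):
    """Dotted numeric version to a comparable tuple, e.g. '1.4.2' -> (1, 4, 2)."""
    return tuple(int(part) for part in v.split("."))


def transitive_closure(root, inventory):
    """All components reachable from root (root included); cycle-safe and
    fails loudly if a dependency is referenced but missing from the inventory."""
    seen, stack = {}, [root]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        comp = inventory.get(name)
        if comp is None:
            raise KeyError(f"{name} is depended on but missing from the inventory")
        seen[name] = comp
        stack.extend(comp.deps)
    return seen


def license_decision(spdx_id, policy):
    """Map a license to approve/review/reject; unknown licenses go to review."""
    for decision, ids in policy.items():
        if spdx_id in ids:
            return decision
    return "review"


def evaluate(root, inventory=INVENTORY, policy=POLICY, advisories=ADVISORIES):
    """Return per-component license decisions, the overall verdict for the
    root (worst decision among its transitive dependencies), and any
    components whose version falls inside an advisory's affected range."""
    comps = transitive_closure(root, inventory)
    report = {"license": {}, "vulnerable": [], "verdict": "approve"}
    for name, comp in comps.items():
        decision = license_decision(comp.license, policy)
        report["license"][name] = decision
        if RANK[decision] > RANK[report["verdict"]]:
            report["verdict"] = decision
    for adv in advisories:
        comp = comps.get(adv["name"])
        if comp is None:
            continue
        v = parse_version(comp.version)
        if parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"]):
            report["vulnerable"].append((comp.name, comp.version, adv["id"], adv["fixed"]))
    return report


if __name__ == "__main__":
    for name, value in evaluate("webapp-core").items():
        print(f"{name}: {value}")
```

In this constructed data the root itself is Apache-2.0, but it is rejected because a transitive dependency (crypto-utils) is GPL-3.0-only, and tiny-log 0.9.1 is reported against the advisory since it sits inside the affected range; that is exactly the information a developer adding a "harmless" library would otherwise never see.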
