We love data – especially when it tells us what people are doing about security. Which is why we were thrilled at the opportunity to provide a – dare I say open? – analysis of the 2014 Open Source Development and Application Security survey. Today we launch the complete research paper with our analysis of the results. Here are a couple of highlights:
Yes, after a widely reported major vulnerability in an open source component used in millions of systems around the globe, confidence in open source security did not suffer. In fact, it ticked up. Ironic? Amazing? I was surprised and impressed.
… and …
54% answered “Yes, we are concerned with open source vulnerabilities,” but roughly the same percentage of organizations do not have a policy governing open source vulnerabilities.
We think this type of survey helps shed important light on how development teams perceive security issues and how they are addressing them.
You can find the official survey results at http://www.sonatype.com/about/2014-open-source-software-development-survey.
And our research paper is available for download, free as always: 2014 Open Source Development and Application Security Survey Analysis
Finally, we would like to thank Sonatype, both for giving us access to the survey results and for choosing to license this research work to accompany their survey results! Without their interest and support for our work, we would not be able to provide you with research such as this.