Open Source Software Security Begins to Mature

Only about half of firms have an open source software security policy in place to guide developers in the use of components and frameworks, but those that do exhibit better security.

1 Min Read
Open Source Software Security Begins to Mature
Alamy

Companies that have an open source software (OSS) security policy in place tend to perform much better in self-assessed measures of readiness. They also tend to have dedicated teams in charge of driving software security, according to a survey published on June 21.

The survey -- published by software-security firm Snyk and the Linux Foundation on Tuesday -- found that seven out of 10 companies that have an OSS security policy in place consider their application development to be highly or somewhat secure. Comparatively, just 45% of companies that failed to institute such a policy consider themselves at least somewhat secure.

Open source software has significant benefits for application development, but companies also have to recognize and prepare for the downsides, says Matt Jarvis, director of developer relations for Snyk.

"While open source is a proven mechanism for innovation and building high-quality software, it's becoming somewhat a victim of its own success in that its ubiquity has made it a target for supply-chain attacks," he says. "Companies need to build a stronger understanding of both the mechanisms by which open source works, and this includes governance as well as code, and strengthen their approach to supply chain management through adopting developer-first security tooling and methodologies."

Related:Secure Open Source Software Is Helping Enterprises Find Their Edge

Smaller Firms Lag in OSS Policies

Overall, only about half of firms have an open source security policy in place to guide developers in the use of components and frameworks, with a greater number of small companies, 60%, either having no policies or not knowing whether they have one, according to the report. 

Continue Reading on Dark Reading

Read more about:

Dark Reading

About the Authors

Robert Lemos

Dark Reading, Contributing writer

Robert Lemos is a veteran technology journalist and a former research engineer. He's written for more than two dozen publications, including CNET, Dark Reading, MIT's Technology Review, Popular Science and Wired News. He has won five awards for journalism and crunches numbers on various trends using Python and R. 

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to ITPro Today, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like