Open source downloads are on track to reach 1.5 trillion in 2020, an all-time high. At the same time, the incidence of cyber attacks actively targeting open source software projects has increased by 430%. How are businesses responding to the deluge of vulnerabilities and what influences their success?
For the answers, we turned to Sonatype's sixth annual State of the Software Supply Chain Report, which draws on public and private databases as well as survey data and offers unique insights into the state of open source security and how the proliferation of open source code has left the global supply chain at risk.
The main conclusions of the report are as follows:
Remote working doesn’t slow down software development: Despite the global impacts of COVID-19, 2020 is poised to see 1.5 trillion downloads of open source components and containers.
When building applications, development teams use an average of 135 software components, 90% of which are open source, an all-time high.
Open source code is increasingly a target: Globally, 2019 saw a 430% increase in next-generation cyber attacks actively targeting open source software projects.
The proliferation of open source code has put the global supply chain at risk. The task of dealing with open source software vulnerabilities falls on software engineers who now face a much heavier burden.
To shed light on how enterprise software development teams use open source components and the performance and risk management results they get, Sonatype's open source and security research team collaborated with Dr Stephen Magill and Gene Kim to examine how high performing teams achieve superior risk management results while maintaining high levels of productivity.
Their conclusions can be summarized as follows:
[while] adversaries accelerate, speed is better for open source projects, and productivity does not have to come at the cost of reduced security in the company.
Responses from 679 people across a wide variety of verticals including banking, retail, healthcare, and government to a survey with 41 questions were analyzed using cluster analysis.
This revealed four distinct groups:
• High performance: high productivity, excellent results in risk management (N = 151)
• Poor performance: low productivity, poor results in risk management (N = 107)
• Safety first: low productivity, excellent results in risk management (N = 167)
• Productivity first: high productivity, poor results in risk management (N = 103)
The report presents results showing that the top performers dramatically outperform the bottom performers in both software delivery and security: they deploy more frequently, they detect and remediate vulnerable OSS components faster, they integrate developers into new teams faster, and they approve the use of new OSS components faster. As a bonus, developers on high performance teams report higher levels of job satisfaction.
State of the Software Supply Chain Report 2020 Presentation
State of the Software Supply Chain Report 2020 (email required for download)