Survey: Control and security of corporate open source projects proves difficult

New Sonatype survey finds 80 percent of most Java applications comes from open source

When asked about whether policy restricted component usage based on specific license or license type, 20 percent said their policy did not. The remainder said "yes," with 29 percent indicating they examined every component but not its dependencies, and 51 percent saying they examined all components and dependencies.

When asked if their organizations maintain an inventory of open-source components used in production applications, 35 percent said yes, 45 percent said no, and the remainder said "yes, for all components but NOT their dependencies."

"Developers are acknowledging that components make up a large part of their application development." While there's still a lot of custom code written in C, for example, for Web applications, the adoption of open source is now a way of life for both the enterprise and vendors, Jackson said.

But challenges remain in adequately tracking open-source usage and any flaws that are identified by the open-source community, especially in the large, widely used libraries that have become foundations of application development. "Finding a flaw in a library is not much different than finding a flaw in an operating system," Jackson concluded.

 

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.

 
