Security is the most urgent challenge facing open source software developers, according to the 2022 Open Source Software Supply Chain Survey Report from Tidelift, which explored the current state of open source software supply chain management.
According to the report, 57 percent of respondents cited “identifying and resolving security vulnerabilities” as a challenge when using open source for developing applications. Other issues include:
- Making good decisions about when to upgrade components and frameworks (54%)
- Making good decisions about which components and versions to use (53%)
- Determining which open source components are safe and approved by their organization (35%)
- Resolving licensing issues (33%)
- Complying with government requirements (22%)
Additionally, only 15 percent of organizations are “extremely confident” that the open source components they are using are up-to-date, secure, and well maintained.
Other findings include:
- Only 37 percent of organizations are aware of new U.S. government software supply chain requirements around security and SBOMs.
- However, 78 percent of organizations are already using SBOMs for application development or plan to in the next year.
Read more at Tidelift.