Editor’s Brief: Open Source Software (OSS) is a godsend when you need capabilities at a sustainable budget. Increasingly, companies large and small are turning to OSS for digitalization and computing, and reducing their IT expenditure tremendously. However, as with all good things, there must be some risks involved. What are these risks? Bitkom, together with 9 industry partners, released a report “Bitkom Open-Source Monitor 2019” to discuss these risks. The vendor’s news release is found below.
Consumption of OSS in Germany is Growing, But Risk Management Not Keeping Pace
SINGAPORE, @mcgallen #microwireinfo, 19 February 2020 – Synopsys, Inc. (Nasdaq: SNPS) and Bitkom e.V., an independent research centre in Germany, today released the Bitkom Open-Source Monitor 2019. Commissioned by the digital association Bitkom and supported by nine partners, including Synopsys, the report examines the results of a survey of over 800 companies with 100 or more employees throughout Germany. The study relates how widely open source software (OSS) is used in Germany and to what extent companies participate in its development.
“While seventy-five percent of surveyed firms are considering the use of open source, only one in five firms have implemented an open source strategy within their organisation,” said Florian Thurmann, Director of Software Security Field Service within the Synopsys Software Integrity Group. “Considering what the long-term benefits of using open source software are, you should also ask yourself what potential risks exist in choosing this path. Being able to access software patches that close identified security gaps while meeting compliance requirements is often not under the control of the company. As such, timely security and compliance checks throughout the software lifecycle help identify potential risks faster and more effectively protect sensitive data from unauthorised access.”
Additional highlights from the Bitkom Open-Source Monitor 2019:
- Fifty-eight percent of surveyed organisations use open source components without changing any of the code, compared to thirty-two percent that do implement source code changes. Customisation of source code to meet unique conditions is one of the most common reasons to use open source software. Twelve percent of respondents cited a lack of training as a risk in open source adoption.
- Less than half of the German companies surveyed (forty-nine percent) have created a position in which the responsibility for OSS is formally or informally assigned.
- Seventy-one percent of respondents felt that it was nearly impossible to achieve full compliance with open source obligations.
- Sixty-three percent of respondents saw participation in open source activities as a key aspect of their company’s self-image.
“According to the 2019 Open Source Security and Risk Analysis (OSSRA) report, there has been a significant uptick in open source adoption globally. Ninety-six percent of codebases audited in 2018 contained open source components, with an average of 298 open source components per codebase compared to 257 in 2017,” said Thurmann. “As you can see, open source plays an increasingly vital role in modern software development and deployment. But to realise its value, organisations need to understand the role open source plays in their business operations and, importantly, within their digital supply chain. Doing so will enable them to realise the benefits of open source ecosystems while reducing their risk posture from a security and license compliance perspective.”
Download a free copy of the report: Bitkom Open-Source Monitor 2019.
Learn more about how to ensure the OSS within your organisation is secure.
About the Synopsys Software Integrity Group
Synopsys Software Integrity Group helps development teams build secure, high-quality software, minimising risks while maximising speed and productivity. Synopsys, a recognised leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behaviour. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organisations optimise security and quality in DevSecOps and throughout the software development life cycle. Learn more at https://www.synopsys.com/de-de/software-integrity.html.
Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As the world’s 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software security and quality solutions. Whether you’re a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest security and quality, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at https://www.synopsys.com/de-de.html.