Editor’s Brief: Open Source Software (OSS) is a godsend when you need capabilities on a sustainable budget. Increasingly, companies large and small are turning to OSS for digitalization and computing, and reducing their IT expenditure tremendously. However, as with all good things, there are risks involved. What are these risks? Bitkom, together with 9 industry partners, released the report “Bitkom Open-Source Monitor 2019” to discuss these risks. Read more below.

SINGAPORE - Synopsys, Inc. (Nasdaq: SNPS) and Bitkom e.V., an independent research centre in Germany, today released the Bitkom Open-Source Monitor 2019. Commissioned by the digital association Bitkom and supported by nine partners, including Synopsys, the report examines the results of a survey of over 800 companies with 100 or more employees throughout Germany. The study relates how widely open source software (OSS) is used in Germany and to what extent companies participate in its development.

“While seventy-five percent of surveyed firms are considering the use of open source, only one in five firms have implemented an open source strategy within their organisation,” said Florian Thurmann, Director of Software Security Field Service within the Synopsys Software Integrity Group. “Considering what the long-term benefits of using open source software are, you should also ask yourself what potential risks exist in choosing this path. Being able to access software patches that close identified security gaps while meeting compliance requirements is often not under the control of the company. As such, timely security and compliance checks throughout the software lifecycle help identify potential risks faster and more effectively protect sensitive data from unauthorised access.”

Additional highlights from the Bitkom Open-Source Monitor 2019:

  • Fifty-eight percent of surveyed organisations use open source components without changing any of the code, compared to thirty-two percent that do implement source code changes. Customisation of source code to meet unique conditions is one of the most common reasons to use open source software. Twelve percent of respondents cited a lack of training as a risk in open source adoption.
  • Less than half of the German companies surveyed (forty-nine percent) have created a position in which the responsibility for OSS is formally or informally assigned.
  • Seventy-one percent of respondents felt that it was nearly impossible to achieve full compliance with open source obligations.
  • Sixty-three percent of respondents saw participation in open source activities as a key aspect of their company’s self-image.

“According to the 2019 Open Source Security and Risk Analysis (OSSRA) report, there has been a significant uptick in open source adoption globally. Ninety-six percent of codebases audited in 2018 contained open source components, with an average of 298 open source components per codebase compared to 257 in 2017,” said Thurmann. “As you can see, open source plays an increasingly vital role in modern software development and deployment. But to realise its value, organisations need to understand the role open source plays in their business operations and, importantly, within their digital supply chain. Doing so will enable them to realise the benefits of open source ecosystems while reducing their risk posture from a security and license compliance perspective.”