AppSec / DevOps Survey: 63% Concerned with Open Source


February 5, 2014 By Derek Weeks

A sneak peek at interim results from the “Developers and Application Security: Who is Responsible?” 2014 survey are in, and there’s still time for you to participate. Here’s a little something for you to think about.

Once upon a time, we used to develop our own software. But these days, we are developing 90% of our applications from open source software (OSS) components. With the need for speed (to market) pressuring development organizations coupled with the convenience of OSS, the days of “write your own code” are gone forever – and that is good news.

The bad news: there are no “free puppies” in open source. While OSS benefits are tremendous, they do come with responsibilities we cannot overlook. The ease of downloading pre-built components should not distract us from our responsibilities to be vigilant about their quality, security, and licensing.

Initial Application Security Survey Data

Early results from a Trusted Software Alliance survey of 225+ DevOps and AppSec professionals shows vigilance around OSS security concerns are top-of-mind. Where functional defects rank as the top security concern, 63% of those surveyed ranked open source vulnerabilities second overall.

Got 5 minutes? You can take the survey now. Then, you can share the results with your colleagues to spark conversation, highlight a critical need, or compare how your practices rank among your peers.