The 2014 Survey: Marked by an Industry Shock Wave


June 20, 2014 By Wayne Jackson

Wow!  What an amazing turnout we had for our 4th annual survey:  3,353 participants this year brings us to over 11,000 participants in the four years we’ve run this survey.  I would like to extend a BIG THANK YOU to all who participated!

2014 Open Source Development SurveyThe survey started with a bang and was quickly followed by a shock wave.  Just a week after our 2014 survey kicked off this year, the tech world was thrown off kilter by the announcement of the Open SSL bug dubbed Heartbleed.  In the survey analysis, you can see how perceptions of open source components and application security changed before and after the Heartbleed announcement. Make your guess, did Heartbleed in fact raise concerns over open source related breaches? How do you see this impacting future behaviors?

In many ways, I believe this year’s survey results will mark an inflection point for open source development and application security.  With 90% of a typical application now assembled using open source components, and enterprise architects teaming with application security to boost their focus on tracking and governing known component vulnerabilities, I believe we will mark post-Heartbleed 2014 as an important turning point toward trusted application development.  This includes an increased vigilance toward use and maintenance of components across our software supply chain.

While we celebrated the 34 survey participants who scored those kool LEGO programmable robots or the $100 Amazon gift cards, we also had some fun this year finding out what your pizza and drink preferences were (spoiler alert: beer edged out soda by 1%).  And yes, due to popular demand, we’ll be sure to add in “bacon” next year as one of the preferred pizza toppings.

As a good friend once reminded me, “it’s not the stats that count”.  So, while the 2014 results might astound, motivate, or frustrate you, remember that the actions you take after seeing the results will be much more valuable to your organization than the stats themselves.  Consider sharing these results with your colleagues over lunch or at your next staff meeting.  You might even present them at your next local JUG, OWASP, or DevOps meet up to gauge perspectives or share best practices with others across the community.

Finally, I would like to thank this year’s co-sponsors of the survey: NEA, Contrast Security, Rugged Software, and the Trusted Software Alliance.  They all helped us refine this year’s survey questions and broaden the participation.

Now, dive into the results and let the discussions begin!