Tag Archives: open source survey

Part 3 – [ ________ ] is the Best Policy


August 18, 2014 By David Jones

In part 1 and part 2 of the ‘[ ________ ] is the Best Policy’ series, we looked at how open source policies can quite often lead to the wrong type of behavior in an organization. As we saw, 41% of development professionals stated they are generally looking for the path of least resistance when it comes to compliance with policies — many of whom will put a non-trivial amount of effort into working around such policies.


Part 2 – [ ________ ] is the Best Policy


August 13, 2014 By David Jones

In Part 1, ‘[ ________ ] is the Best Policy’, we looked at some of the common aspects of an open source policy and discussed how our recent survey discovered that 41% of people think that policies are not enforced. Now in Part 2, we will look at how effective policies are when considering security concerns.


Part 1 – [ ________ ] is the Best Policy


August 11, 2014 By David Jones

Open source has been around for donkey’s years but until recently the persuasive argument of “many eyeballs” was the guiding policy when using open source. In comes the recent industry shock wave we all know as Heartbleed and now many of us are re-evaluating the cost of free software.


Lessons of Youth: A License to Use


July 11, 2014 By Jeff Wayman

I can still recall (it actually pains me to count the years, so I refuse to) with perfect clarity the sound of my 1200 baud modem handshaking with my neighborhood’s local BBS. It’s a sound that so consistently produces a smile for me, I liken it to the crisp smell of air just before rain begins to fall; it’s something instantly recognizable.


Securosis Dives Deep into our 2014 Survey


July 2, 2014 By Derek Weeks

There are two ways to motivate others to action: emotional appeal and fact-based analysis. Our 2014 Open Source and Application Security survey results touched on both. We’ve run this survey for the past four years, but this time we decided to reveal the results in a new way. Rather than let our marketing team “spin” the results, we wanted to provide you a completely independent perspective focused on both open source development and application security. Adrian Lane, CTO and Security Analyst at Securosis, jumped at the chance. We provided him the raw survey results data and he agreed to write the analysis. We did not ask or direct him on what to write; in fact, Securosis’ Totally Transparent Research methodology does not allow companies like Sonatype to influence their research.


We’re bringing sexy back, Sonatype hits the catwalk


June 24, 2014 By Derek Weeks

Enthusiasm for securing the software supply chain is growing in both conversation and practice. For the past year, Sonatype has called for a new approach to securing the software supply chain that gives organizations an opportunity to protect their business and their applications from hacker exploits — taking a frictionless approach built into the supply chain and software development lifecycle, as opposed to bolt-on solutions looking for vulnerabilities later in the development process.
