The 2014 Survey: Marked by an Industry Shock Wave

June 20, 2014 By Wayne Jackson


Wow! What an amazing turnout we had for our 4th annual survey: 3,353 participants this year brings us to over 11,000 participants in the four years we’ve run this survey. I would like to extend a BIG THANK YOU to all who participated!

The survey started with a bang and was quickly followed by a shock wave. Just a week after our 2014 survey kicked off, the tech world was thrown off kilter by the announcement of the OpenSSL bug dubbed Heartbleed. In the survey analysis, you can see how perceptions of open source components and application security changed before and after the Heartbleed announcement. Make your guess: did Heartbleed in fact raise concerns over open source related breaches? How do you see this impacting future behaviors?

In many ways, I believe this year’s survey results will mark an inflection point for open source development and application security. With 90% of a typical application now assembled using open source components, and enterprise architects teaming with application security to boost their focus on tracking and governing known component vulnerabilities, I believe we will mark post-Heartbleed 2014 as an important turning point toward trusted application development. This includes an increased vigilance toward use and maintenance of components across our software supply chain.

While we celebrated the 34 survey participants who scored those kool LEGO programmable robots or the $100 Amazon gift cards, we also had some fun this year finding out what your pizza and drink preferences were (spoiler alert: beer edged out soda by 1%). And yes, due to popular demand, we’ll be sure to add in “bacon” next year as one of the preferred pizza toppings.

As a good friend once reminded me, “it’s not the stats that count”. So, while the 2014 results might astound, motivate, or frustrate you, remember that the actions you take after seeing the results will be much more valuable to your organization than the stats themselves. Consider sharing these results with your colleagues over lunch or at your next staff meeting. You might even present them at your next local JUG, OWASP, or DevOps meetup to gauge perspectives or share best practices with others across the community.

Finally, I would like to thank this year’s co-sponsors of the survey: NEA, Contrast Security, Rugged Software, and the Trusted Software Alliance. They all helped us refine this year’s survey questions and broaden the participation.

Now, dive into the results and let the discussions begin!


Written by Wayne Jackson

Wayne is the CEO of Sonatype, a role he has held since 2010. Prior to Sonatype, Wayne served as the CEO of open source network security pioneer Sourcefire, Inc. (NASDAQ:FIRE), which he guided from fledgling start-up through an IPO in March of 2007, later acquired by Cisco for $2.7 billion. Before Sourcefire, Wayne co-founded Riverbed Technologies, a wireless infrastructure company, and served as its CEO until the sale of the company for more than $1 billion in March of 2000.