Backslash Security introduced its Fix Simulation and AI-powered Attack Path Remediation capabilities.
According to the 2024 State of Open Source Report — from Perforce in collaboration with the Open Source Initiative and the Eclipse Foundation — 95% of respondents say that they have increased or maintained their use of open source in 2023 (33% of those significantly so).
Source: Perforce
As for the 5% who reduced their OSS, they were predominantly from early-stage startups. The most significant growth was reported among respondents in Latin America, Asia, Africa, and the Middle East, although all regions expanded open-source adoption.
Databases and data technologies received the most investment among all open-source software categories at 35%.
The next two largest categories are programming languages and frameworks, and cloud and container technologies, both at 31%.
Further analysis of the results revealed that it is particularly large enterprises that are investing in the latter category, while small to mid-sized firms are allocating more to data technologies.
This year, reducing cost is the top reason for choosing open source at 37%, access to functionality to improve development velocity (31%), stable technology with long-term community support (28%), and access to innovations and technologies (27%).
This shift towards cost reduction is a marked shift from previous years when this reason lagged behind those other drivers and probably reflects the economy and global instability.
Challenges
The continued skills shortage and pressurized budgets, leading to less available time and the inevitable focus on prioritizing daily firefighting, are also apparent, with 38% having challenges relating to the team's OSS skills, experience, and proficiency. Only 16% claimed not to lack open-source skills, and that response was predominantly from small organizations with under 100 employees or early-stage startups. 40% also have concerns over the lack of high-level technical support.
Organizations are taking steps to address the lack of skills, whether in-house or with help from third parties. For example, over 45% are investing in internal or external training, 38% are hiring experienced professionals, and almost 29% are hiring external contractors or consultants. Organization size (and budget) probably plays a role here, as 50% of the largest enterprises are outsourcing talent, whereas medium to large organizations prefer to provide internal or external training to address skill gaps.
Dealing with the skills gap cannot happen quickly enough, given some of the other significant challenges the survey reveals. When asked about their biggest open source support problem, 79% cited maintaining security policies and compliance, followed by staying current with updates and patches at 70%.
Open-source security tools could help alleviate some of these problems, but investment in these was only quoted by 15%, with primarily single-digit usage of the most popular open-source security tools.
EOL Software Is Still a Problem
In addition, End of Life (EOL) software is still being used extensively, and this can contribute to security issues. Unsupported EOL software that is not being patched internally or via a third party can create vulnerabilities that hackers can then exploit. 42% admit that maintaining EOL software is challenging.
That said, 40% scan open-source software for vulnerabilities, indicating that the use of open-source software is maturing.
Other examples of maturity include:
■ 37% having experts in different open-source technologies.
■ 29% contribute to open source projects or foundations, and the same percentage develop new open source software in public git repositories.
■ 21% generate software bills of materials (SBOMs).
■ 19% have a legal team familiar with open-source licensing.
So, while there are still some substantial challenges to overcome, it is encouraging to see that there is awareness of these, plus a greater appreciation of how open source has become a mainstream part of technology, increasingly an integral part of how organizations operate.
Industry News
Check Point® Software Technologies Ltd. announced the appointment of Nadav Zafrir as Check Point Chief Executive Officer.
Sonatype announced that Sonatype SBOM Manager, its Enterprise-Class Software Bill of Materials (SBOM) solution, and its artifact repository manager, Nexus Repository, are now available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).
Broadcom unveiled the latest updates to VMware Cloud Foundation (VCF), the company’s flagship private cloud platform.
CAST launched CAST SBOM Manager, a new freemium product designed for product owners, release managers, and compliance specialists.
Zesty announced the launch of its Insights and Automation Platform.
Progress announced the availability of Progress® MarkLogic® FastTrack™, a UI toolkit for building data- and search-driven applications to visually explore complex connected data stored in Progress® MarkLogic® platform.
Snowflake will host the Llama 3.1 collection of multilingual open source large language models (LLMs) in Snowflake Cortex AI for enterprises to easily harness and build powerful AI applications at scale.
Secure Code Warrior announced the availability of SCW Trust Agent – a solution that assesses the specific security competencies of developers for every code commit.
GFT launched AI Impact, a new solution that leverages artificial intelligence to eliminate technical debt, increase developer efficiency and automate critical software development processes.
Code Metal announced a $13M seed, led by Shield Capital.
Atlassian Corporation has achieved Federal Risk and Authorization Management Program (FedRAMP) “In Process” status and is now listed on the FedRAMP marketplace.
Check Point® Software Technologies Ltd. announced that it has received a Leader ranking in The Forrester Wave™: Mobile Threat Defense Solutions, Q3 2024 report.
Mission Cloud announced the launch of Mission Cloud Engagements - DevOps, a platform designed to transform how businesses manage and execute their AWS DevOps projects.
Accelario announces the release of its free TDM solution, including database virtualization and data anonymization.