After poor documentation, a negative track record for security is the top reason companies do not use an open source technology, according to a survey last year by DigitalOcean. The number of vulnerabilities has soared because of the number of dependent open source components used in applications. Despite these concerning trends, more developers than ever before think they are up to the task of being responsible for security.
According to Snyk's "State of Open Source Security Report 2019," which surveyed over 500 open source users and maintainers, 30 percent of developers who maintain open source (OS) projects are highly confident in their security knowledge, up from 17 percent the year before. In addition, the percentage of OS maintainers who run security audits on their projects has risen twenty percentage points to 74 percent compared with last year's survey. Yet only 42 percent of maintainers audit their code at least once a quarter. This is a problem because development velocity targets are so much higher than they were just a few years ago.
The complete article can be found here.