Control and security of corporate open-source projects proves difficult
May 01, 2013, 11:00
Open source has become a staple for software development in the enterprise, but keeping track of it and maintaining security for it remains an elusive goal, according to a survey of more than 3,500 data architects and developers published today by Sonatype, which provides component lifecycle management products and also operates the Central Repository for downloading open-source software.
In spite of what is clearly considerable open-source usage -- for example, 80% of a typical Java application is now assembled from open-source components and frameworks -- 57% said their companies "lack any policy governing open-source usage" and 76% indicated a lack of meaningful controls related to software that is typically obtained at no cost, though licensed.