
Security of Open Source Software: A Survey of Technical Stakeholders’ Perceptions and Actions

Posted by Divyansha Sehgal at Apr 13, 2023 06:01 AM

Open-source software (OSS) components are widely assumed to be secure because their code is open to inspection. That is not always the case. Software supply-chain incidents have become more frequent, with some industry reports estimating a 300% increase in attacks that exploit existing vulnerabilities between 2020 and 2021.
This report by the Centre for Internet and Society surveys technical stakeholders to determine how they select the OSS components they use in their projects and how they think, more broadly, about the security of the software they build.

Highlights:

  • 90% of respondents work at companies with a dedicated team responsible for software security. 80% of those respondents carry out no further security checks on an OSS component once their security team has approved it for use.
  • 80% of respondents see comprehensive documentation as an important factor when selecting an OSS component.
  • 70% of respondents report validating the dependencies of the OSS components they select.
  • 50% of respondents consider how actively an OSS component is maintained before selecting it for their projects.
  • 40% of respondents, when they create software, anticipate neither accidental exploitation of vulnerabilities nor deliberate attacks by bad actors.
  • 30% of respondents report doing no post-release maintenance on the OSS components they use and deploy.
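One concrete form of the dependency validation the third highlight refers to is checking that every entry in a project's requirements file is pinned to an exact version and carries a content hash, so that what gets installed is the artifact that was reviewed rather than whatever the index serves that day. The check below is an added example written for this page; it is not code from the report or from any project it surveys. The requirements file, the package names (alpha, bravo, charlie, delta) and the all-zero hash are constructed placeholders, and the format handled is pip's requirements.txt (comments, `\` line continuations, environment markers after `;`, and `-r`/`-c` option lines).

```python
import re
from dataclasses import dataclass

# Constructed sample requirements.txt; package names and the all-zero digest are
# placeholders, not real projects or real hashes.
PLACEHOLDER_SHA256 = "0" * 64
SAMPLE_REQUIREMENTS = f"""\
# direct dependencies
alpha==1.4.2 \\
    --hash=sha256:{PLACEHOLDER_SHA256}
bravo==0.9.1
charlie>=2.0 ; python_version < "3.12"
delta
-r constraints.txt
"""

# name, then an optional version operator and version (stops at whitespace or ';').
REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
    r"(?:\s*(?P<op>===|==|~=|>=|<=|!=|>|<)\s*(?P<version>[^\s;]+))?"
)
# pip's --hash option with a full sha256 digest.
HASH_RE = re.compile(r"--hash=sha256:[0-9a-f]{64}\b")


@dataclass(frozen=True)
class Finding:
    name: str
    issue: str  # "unpinned", "no-hash" or "unparseable"


def _logical_lines(text):
    """Join backslash-continued physical lines into one logical requirement line."""
    buf = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield " ".join(part.strip() for part in buf)
        buf = []
    if buf:  # file ended on a continuation line
        yield " ".join(part.strip() for part in buf)


def check_requirements(text):
    """Return a Finding for every requirement that is not pinned to an exact
    version with a sha256 hash; an empty list means the file is fully pinned."""
    findings = []
    for line in _logical_lines(text):
        spec = line.split("#", 1)[0].strip()   # drop trailing comments
        if not spec or spec.startswith("-"):   # skip blanks and options such as -r / -c
            continue
        m = REQ_RE.match(spec)
        if not m:
            findings.append(Finding(spec, "unparseable"))
            continue
        name = m.group("name").lower()
        if m.group("op") not in ("==", "==="):
            findings.append(Finding(name, "unpinned"))
        elif not HASH_RE.search(spec):
            findings.append(Finding(name, "no-hash"))
    return findings


if __name__ == "__main__":
    for finding in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"{finding.name}: {finding.issue}")
```

Run against the sample, the check passes `alpha` (pinned and hashed) and reports `bravo` (pinned but unhashed) and `charlie` and `delta` (no exact pin). A pin without a hash still trusts the index to return the same bytes each time; `pip install --require-hashes` refuses to install from a file that fails this check, which is the enforcement step the script is meant to gate.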
 

