
A survey of 712 IT professionals finds that programming languages and frameworks (49%), followed closely by databases and data technologies (46%), DevOps/GitOps/DevSecOps tooling (39%) and cloud and container technologies (38%) are the areas where open source software is most widely adopted.
Conducted in collaboration with the Open Source Initiative (OSI) consortium and the Eclipse Foundation, the survey also finds nearly half (49%) of respondents reporting they have increased use of open source software in the last year, with 21% describing that increase as significant. Nearly half (49%), however, said usage of open source software remained the same in the last year.
Not surprisingly, the primary reason cited for adopting open source software was reduced costs from the absence of licensing fees (62%), followed by avoiding vendor lock-in (55%).
Despite that level of adoption, roughly a third of respondents also noted they still struggle with security updates and patches (39%), installations, upgrades, and configurations (30%) and technical support (29%). Nearly half (47%) are also spending more than three quarters of their time on maintaining the open source software that has been deployed, the survey finds.
Matthew Weier O’Phinney, principal product manager for the OpenLogic arm of Perforce, said that suggests many organizations that adopt open source software are still challenged by how best to operationalize it once it’s been installed, especially when it comes to staying current and applying software patches.
On the plus side, regulations such as the Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA) enacted by the European Union will push more organizations toward embracing best DevSecOps practices when installing and maintaining open source software, noted Weier O’Phinney.
Overall, the survey finds well over half of respondents (58%) have deployed open source software in an on-premises IT environment, followed by 32% that have deployed open source software on the Amazon Web Services (AWS) cloud. In comparison, 18% are running open source software on the Microsoft Azure cloud, followed by 11% using Google Cloud Platform (GCP).
The most widely used open source programming languages are JavaScript and Python at 72% each, followed by PHP at 49% and Java at 46%. The most widely used open source application development frameworks are jQuery (31%), Symfony (30%), VueJS (28%), ReactJS (28%) and Laravel (26%), the survey finds.
Finally, the most widely deployed open source operating systems are Ubuntu (55%), Debian (35%) and Alpine Linux (29%).
Despite a wave of cyberattacks against software supply chains targeting open source software, it’s clear that organizations are as dependent, or more dependent, on the maintainers of multiple projects. The challenge is that many of these maintainers lack the resources needed to address new vulnerabilities as they are discovered, many of which are now being surfaced by artificial intelligence (AI) tools.
Unfortunately, cybercriminals are becoming more adept at using AI tools to create malicious code that exploits vulnerabilities. The resulting paradox is that organizations find themselves heavily dependent on open source software that may be more fundamentally insecure than ever.
Hopefully, there will come a day when more organizations contribute the resources required to truly secure open source software. In the meantime, DevOps teams remain well-advised to proceed with much care when downloading any type of open source software from a public repository.
from DevOps.com https://ift.tt/J0hyCo5