2012 sonatype-survey-findings-pdf-1
DESCRIPTION
Findings from Sonatype's 2012 annual open source software development survey. More than 2,500 responses from around the world.
TRANSCRIPT
Transforming Software Development
Who Did We Talk To?
3% IT Operations
6% Manager, Director, or Executive
5% Build Manager
22% Architect
13% Team Lead/Project Manager
52% Software Developer/Engineer
Role Within the Organization
2012 Sonatype survey of 2,550 developers, architects, and managers
A variety of organizations were represented
17% Financial Services
33% Tech & ISV
12% Consulting
6% Telecommunications
2% Manufacturing
5% Media & Entertainment
7% Government & Military
18% Other
Organizations Surveyed
Organizations large and small participated
24%
19%
23%
34%
501+
101-500
26-100
1-25
Number of Developers in the Organization
OS development infrastructure is quickly becoming the standard
We’re standardizing on an open source development infrastructure stack: 49% (2011), 52% (2012)
We only use open source infrastructure if it’s commercially supported: 7% (2011), 10% (2012)
It’s not our corporate standard, but tons of people use it: 27% (2011), 27% (2012)
A few of our developers use it, but it’s not widely adopted: 17% (2011), 11% (2012)
Does your organization use open source development infrastructure?
Most of you use a repository manager, here’s why
Why do you use a repository manager?
64% Improve build time
35% To enforce standards for component usage
32% Better visibility into component usage
67% To manage component usage
Visibility and control are even more important for large organizations
Why do you use a repository manager?
64% Improve build time
41% To enforce standards for component usage
34% Better visibility into component usage
75% To manage component usage
Organizations with over 500 developers
2/3 of organizations contribute to open source projects
34% We strictly consume open source
45% We use open source and contribute directly back to projects
12% We use open source and contribute back via a third party
9% We contribute to open source projects even though our company’s policies prohibit it
Open Source in Organizations
You told us that Java OS components are the most important to you
1. Java: 86%
2. .NET: 15%
3. C / C++: 14%
4. Python: 4%
5. Perl: 4%
How important are the following types of open source components to your organization?
Percentage reporting critical, pretty important, or medium, but getting more important
Web searches are the most common way of finding components
35% Must adhere to corporate standards
70% Search the web for artifacts that meet our needs
35% Use master repository search tools (e.g. Central Repository Search)
42% Rely on the advice of my colleagues
How do you find artifacts for your projects?
The Central Repository is the most popular source of components
1. Central Repository: 78% (3.17 of 5)
2. Project Sites: 51% (2.44 of 5)
3. JBoss: 43% (2.22 of 5)
4. Atlassian: 39% (2.13 of 5)
5. GitHub: 27% (1.87 of 5)
What sources of open source components are most important to your development efforts?
Percentage reporting critical or important
Here’s what you said matters about the component you use
Security Code Quality Project Maturity Licensing
32%19%
51%
25%28%
51%
18% 25%
34%
27%
39%
22%
Mission critical Extremely important Somewhat important Minor concern Not a concern at all
For the components you use in your applications, how important are these attributes?
Only half of you have an open source policy
Does your organization have an open source policy?
51% No
49% Yes
You told us, most of your organizations lack control over OS usage
20% We’re completely locked down. We can only use approved components.
43% We have some corporate standards, but they aren’t enforced.
37% There are no standards. Each developer team chooses the components that are best for their project.
Control of artifacts in development
Interestingly, enforcement seems to be on the rise
20% (13% in 2011) We’re completely locked down. We can only use approved components.
43% (42% in 2011) We have some corporate standards, but they aren’t enforced.
37% (45% in 2011) There are no standards, each development team chooses their own components.
Control of Artifacts in Development
2011/2012 Sonatype surveys of developers, architects, and managers (2011 n=1,600; 2012 n=2,550)
Regulated industries are more likely to be locked down
31% Financial Services
18% Tech/ISV
13% Consulting
25% Telecommunications
21% Manufacturing
12% Media & Entertainment
19% Govt & Military
19% Other
Control of Artifacts by Sector
We are completely locked down. We can only use approved components.
Only 23% of you need approval before using OS components
51% Do not have a policy
26% Have a policy
23% Must have approval before using any open source components
Does your organization have an open source policy?
For those of you with policies...more than half of you hate them
Lots of groups are responsible for open source policy
Who is responsible for Open Source Governance?
Development Teams
16%
6%
7%
28%15%
12%
18%
Legal
Security
Risk and Compliance
Application Development Management
IT Operations
OSS/FOSS Committee/Department
Does your open source policy restrict component usage based on specific licenses?
51% Yes and we examine every component and *all* of its dependencies
25% Yes and we examine every component but *not* its dependencies
24% No, our policy does not restrict component usage based on licensing
Over 3/4 of organizations restrict component usage based on specific licenses
Policy restricting component usage based on specific licenses:
51% Yes and we examine every component and *all* of its dependencies
25% Yes and we examine every component but *not* its dependencies
24% No, our policy does not restrict component usage based on licensing
49% have no effective licensing policy
48% No
32% Yes, for all components including dependencies
20% Yes, for all components but NOT their dependencies
Does your organization maintain an inventory of open source components used in production applications?
It’s difficult to know when components & dependencies are updated
No good way to find out
When a component is updated, how do you know?
74%
40%30%
20%
66% By searching the web
Keeping up with project sites
From colleagues
Word of mouth
Thank you!