You Can’t Live Without Open Source - Results from the Open Source 360 Survey

#OSS360

Upload: black-duck-software

Post on 22-Jan-2018



Black Duck Center for Open Source Research and Innovation

2016-2017 Open Source Security and Risk Analyses

Future of Open Source Reports

Agenda

• Demographics
• Open Source Adoption
• Open Source Risks
• Risk Remediation
• A Look to the Future


DEMOGRAPHICS


Global Survey Response

819 IT Professionals from 91 countries

Industry Representation

Industries represented: Retail, Health Care, Media, Automotive, Manufacturing, Government/Military, Banking and Financial Services, Education, Other, Consulting, Technology/ISV, Telecommunications

Chart values: 2%, 2%, 3%, 3%, 4%, 4%, 7%, 7%, 11%, 12%, 43%

Open Source Awareness is Organization Wide

Respondent roles: Legal Professional, VP/C-Level Executive, Development Manager/Director, Other, Security Professional, Systems Architect/CTO, IT Operations/DevOps Professional, Software Developer

65% of respondents are developers, IT operations, system architects, security professionals


USAGE

Momentum for Open Source Continues to Increase

• 60% Increased Open Source Usage
• 26% Remained Constant

86% of organizations report Open Source use increased or remained constant

Organizations Use Open Source to…

• Embed in hardware products: 16%
• Develop open source software: 28%
• Power our infrastructure: 69%
• Create customer applications: 69%
• Build internal applications: 77%

Open Source Fulfills Strategic Objectives

• Availability of skilled developers: 37%
• Code quality and security: 44%
• Rate of innovation: 55%
• Functionality: 55%
• Freedom to customize code: 67%
• Low cost with no vendor lock-in: 84%

Open Source is Core to IT Infrastructure

• Systems Management/Operating Systems: 52%
• Containers/DevOps/Virtualization/Cloud Computing: 53%
• Development Tools/Software Development Lifecycle: 57%

The Impact of Open Source is Significant

• Improves interoperability of systems: 55%
• Improves quality of solutions we build: 61%
• Speeds innovation: 63%


CONTRIBUTION

Organizations Recognize Benefits to Participation

• Deliver product as open source: 34%
• Encourage active engagement and contributions: 46%
• Fix and enhance existing projects: 53%

Contributions Reduce Overall Cost of Ownership

• Gain competitive advantage: 37%
• Fundamental to our product strategy: 38%
• Reduce development and support costs: 49%
• Fix bugs or add functionality: 55%

Shift From 2016: 69% Fix Bugs, 33% Reduce Costs


Open Source Community Involvement is Healthy and Growing

48% said the number of people contributing to open source in their organization is increasing.

25% have more than 50% of their developers contributing to one or more OSS projects


POLICY and GOVERNANCE

Organizations Understand Open Source Risks ….

• Comply with open source licenses: 53.5%
• Monitor project and version usage: 53.7%
• Aware of known security vulnerabilities: 54.6%

…. But Open Source is Still Unmanaged in Most Organizations

OVER 60% don’t have a formal process for managing open source or are unaware of one in their organization

• Other (please specify): 2%
• I don’t know: 16%
• No, we do not have a formal process: 45%
• Yes - Multiple departmental processes: 10%
• Yes - standardized company-wide process: 27%
• Other: 37%

Respondents Highlighted Successful Open Source Policies …

• Policy guidance in developer tools: 33%
• Approved open source licenses: 39%
• Approved open source components: 39%
• Structured review process for components: 42%


… But Organizations Still Struggle With Enforcement

24% Policy provides recommendations but is not reviewed or enforced

14% Code is manually reviewed but policy is not consistently enforced

Only 15% indicated enforcement with automated controls, while 25% review code via manual controls and enforcement


RISK

Organizations Highlight Ongoing Open Source Risks ….

• Adherence to internal development policies: 61%
• Exposure of internal systems to exploitation: 64%
• Intellectual property concerns: 66%
• Exploitation of public facing applications: 71%
• Unknown quality of components: 74%

…. But Open Source Reviews Aren’t Thorough

• 50% Indicated open source reviews rely primarily on developer information
• 38% Don’t review code for open source
• 45% review for open source code usage during development

Open Source Code Review Models

• String search and visual inspection: 23%
• Internally developed tools: 27%
• Third party tools: 28%
• No open source code review: 38%

Over 60% had no structured open source code review process

Manual Vulnerability Assessments Challenge Security Orgs

• OVER 25% have no process for identifying, tracking or remediating known open source vulnerabilities
• OVER 50% say internal resources manually identify and track remediation of known open source vulnerabilities

Open Source Security Is a Shared Responsibility

• 57% Developers responsible for identifying and tracking open source vulnerabilities
• 40% Security Team takes ownership of tracking code usage
• 26% Nobody has explicit responsibility

Shift From 2016: 50% revealed no team took responsibility for tracking open source vulnerabilities


LOOKING FORWARD


2017 Insights

• The world’s appetite for open source software continues at a furious pace.

• Open source solutions reduce development costs and increase time to market

• Awareness of security risks in open source components is increasing

• Even if organizations aren’t aware of their open source usage, open source is present in IT workloads in 90% of organizations

Open Source is Fundamental to Modern Software

Driving Us Forward

• Default development model for new apps

• Builds on the success of others

• Shares critical expertise between orgs

• Accelerates product innovation

• Solves critical business problems

• Improves IT processes

Challenges Ahead

• Effective management of open source is not keeping pace with its increased usage

• High profile vulnerabilities highlight a need for greater security process

• Lack of automation opens the door to increased risk

Own Your Success – Participate in OSS Communities

Active community engagement …

• Increases project vibrancy
• Ensures project longevity and innovation
• Reduces security risks
• Ensures bugs are fixed quickly and properly

Get involved.

Build something amazing.

Have fun.

ARNOLD LEUNG

@APPNOVATION

CEO

"When it comes to technology, our commitment to open source is right there in our branding…open digital delivered. From the start, we have been proud of our ability not just to support, but to drive open technologies. By adopting this progressive, collaborative approach, we have enabled our company to go beyond being just architects, and become digital solutions providers, harnessing all the power of open technologies, all for the benefit of our clients," said Appnovation CEO Arnold Leung. "This continued commitment makes us not only a company that remains innovative as well as competitive, it tangibly demonstrates the fact that we are open source evangelists, with an unrelenting desire to spread the open technologies message."

APPNOVATION

@APPNOVATION

PROBLEM

TCL (The Creative Life), the third largest TV manufacturer in the world, needed a Drupal 8 redesign for their flagship site. Appnovation was asked to look at the issues, and conceptualize, then deliver a sleek aesthetic showroom, designed to afford users an improved, and superb user experience in terms of navigation.

SOLUTION

Our solution was to use and deploy the finest elements of Drupal 8, thus ensuring that everything was complete, feature rich, user friendly and aesthetically outstanding. The result was a sleek, sophisticated and user friendly site.

Appnovation is a global Digital Solutions and Managed Services provider delivering strategy, application development and enterprise integration on leading open technologies.

MAIK AUSSENDORF

@BAREOS_BACKUP

MANAGING DIRECTOR

"Would you buy a new safe for your physical values and leave the key at the vendor, who will only give you access to your valuables as long as you continuously pay license fees?

A lot of backup users share this experience: they can access their digital assets in case of emergency only as long as paying license fees for their proprietary backup solution.

Long term and sustainable data sovereignty is only possible with an Open Source Backup solution."

BAREOS

WWW.CARDTECH.DE

PROBLEM

• The increasing amount of sensitive data became uncomfortable to be backed up using the existing backup solution which required a huge maintenance workload.

• For compliance reasons a secure erase of temporary data was mandatory

SOLUTION

• Backing up data using Bareos, the implementation of processes and a specific engineered backup strategy on a high level of automation exculpate the IT-personnel

• The Bareos team implemented the missing secure erase feature as funded development

• Cardtech is a payment service provider

• Under supervision of the German Federal Financial Supervisory Authority (BaFin)

• Secure Backup with Bareos
• Meet Compliance
• No vendor-lock-in

NAVIN BUDHIRAJA

@NAVINB @INFOSYS

SVP - HEAD – ARCHITECTURE, TECHNOLOGY & EDUCATION,

“Open Source software has become the primary engine of innovation, and should now be viewed as the key building block of all modern enterprise architectures. Innovation in areas like cloud computing, big data, artificial intelligence, DevOps and modern web frameworks are all happening in the Open Source ecosystem, and the adoption of these technologies in enterprises is benefiting from the foundation of Linux that enterprise IT departments have already invested in. Infosys is actively taking Open Source, and Open Source based products, to all our enterprise clients.”

INFOSYS

@INFOSYS

PROBLEM

Payment disputes are an important reason for increased Days Sales Outstanding (DSO), which is exacerbated by an incorrect collection strategy, which not only increases DSO, but incorrect or aggressive collection strategy may also result in poor customer experience. A customer order propagates through multiple, incompatible ERP systems; any inconsistency in information could result in a payment dispute.

**DSO is a key business metric. A large DSO can result in cash flow problems

SOLUTION

Infosys Nia™ - The Next Generation Integrated Artificial Intelligence Platform, built leveraging Open Source - ingests data from all the different systems – ERP, Order management, invoicing within the organization. This data in conjunction with external macro-economic and behavioral data was utilized to create a customer risk profile and aggregated to predict the total account value at risk. This allowed the organization to customize collection strategy for each customer, expedite resolution of disputes and prevent disputes, improve cash-flow forecasting.

Infosys is a global leader in technology services and consulting. We enable clients in more than 45 countries to create and execute strategies for their digital transformation. From engineering to application development, knowledge management and business process management, we help our clients find the right problems to solve, and to solve these effectively. Our team of 200,000+ innovators, across the globe, is differentiated by the imagination, knowledge and experience, across industries and technologies that we bring to every project we undertake.

TIM YEATON

@TBYEATON, @REDHATNEWS

EXECUTIVE VICE PRESIDENT & CHIEF MARKETING OFFICER

"Open source is synonymous with innovation, helping organizations around the world solve complex problems faster and create modern technology platforms that enable them to deliver new services to customers. These are key reasons why I believe this year's survey results show that a majority of respondents have increased their use of open source solutions, including in key areas like developer tools, machine learning, IoT, and software-defined networking."

ANDREW AITKEN

@ANDREWOLLIANCE, @WIPRO

GM & GLOBAL OPEN SOURCE LEADER

Today, “Open Source First” is the new mantra for enterprises. The reason; open source is seen less as only a cost savings measure but as a key tool to drive competitive business advantage. Open source enables faster thought-to-production, innovation, efficiency and a better way of building software. With the explosion of open source projects that add massive value to enterprises, the Open Source First mantra will continue to gain momentum and will soon become the default way of computing.

WIPRO

@WIPRO

PROBLEM

A leading US based financial services company realised that a large monolithic payments application was not agile enough to address the business growth in m-Commerce and retail sector. The client had a critical need for a next generation platform to build innovative, agile and scalable solutions leveraging a microservices framework.

SOLUTION

Wipro provided advisory, governance and technical consulting services to build the next gen platform for the client’s payment gateway.

• Assisted in refining the enterprise open source strategy, developed governance, community and procurement models, and open sourcing of their own software.

• Evaluated & recommended open source software to build next gen platform

• Delivered a scalable platform to address future growth

• Ensured high availability to address five nines application on three nines infrastructure stack

• Developed the platform components and core features

Wipro is a leading information technology, consulting business process services company that delivers solutions to enable its clients to do business better. Wipro delivers winning business outcomes through its deep industry experience and a 360 degree view of “Business through Technology”.

Thank You!