
Finding #2: Only 15% of organizations are extremely confident in their open source management practices; the majority have concerns

by Chris Grams
on April 19, 2022

In December of 2021, Tidelift fielded our annual survey of technologists who use open source to build applications at work. Nearly 700 people shared how they use open source software today, what holds them back, and what tools and strategies help them use it even more effectively.

In this post, we share the second of seven key findings. If you don’t want to wait for the rest of the results, you can download the full survey report right now at the link below.

 

Download Survey


In our previous survey, one of the most shocking findings was that the majority of respondents expressed reservations about how well their organization manages open source. In that survey we found that only 18% of respondents were extremely confident in their organization’s management practices, while 24% were not very or not at all confident.

Our results this year were relatively consistent. First the bad news: in this year’s survey, the percentage of extremely confident respondents dropped to 15%. The good news? The percentage reporting that they are not very or not at all confident also fell slightly, from 24% to 22%. This means that the majority of respondents (62%) are somewhat confident in their open source management practices.

[Chart: Only 15% of organizations are extremely confident in their open source management practices]

In our previous survey we found that the larger the organization, the less confident respondents were about its open source management practices. While respondents from the largest organizations were still less confident in this year’s survey, the differences were less pronounced. In organizations with over 10,000 employees, 20% were extremely confident, while 26% were not very or not at all confident. This compares favorably to the previous results, where 39% reported that they were not very or not at all confident.

[Chart: Large organizations continue to be less confident in their open source management practices, although the gap has narrowed]

One important factor that appears related to how confident respondents were about their open source management practices is whether their organization currently uses software bills of materials. In organizations using software bills of materials, 22% reported that they were extremely confident while only 13% reported being not very or not at all confident. Conversely, only 7% of organizations that are not using software bills of materials were extremely confident, while 39% were not very or not at all confident.

[Chart: Organizations using SBOMs tend to be more confident that their open source components are up to date, secure, and well maintained]

While it is good to see the not very and not at all confident responses dropping in this year’s survey, it is still alarming—but not surprising—how few organizations are extremely confident in their open source management practices. The good news is that best practices for managing open source effectively are getting more and more clear, so despite the increase in software supply chain attacks like Log4Shell, we hope to see these numbers start rising as more organizations put these best practices in place.

We hope you found some useful and actionable information in this blog post. If you’d like to get notified as future posts come out, please sign up for our blog digest here. Or if you don’t want to wait, download the full survey results today!
