In June of 2020, Tidelift fielded our annual managed open source survey of technologists who use open source to build applications at work. Over 600 people shared how they use open source software today, what holds them back, and what tools and strategies would help them use it even more effectively.
In this post, we share the third of nine key findings. If you don’t want to wait for the rest of the results, you can download the full survey report right now at the link below.
In our previous findings, we learned that many organizations are accelerating their usage of open source because of how it helps them save time and money, while increasing efficiency. But increasing usage of open source also comes with its own set of challenges. In this year’s survey, we asked technologists to indicate the most critical challenges their teams face when using open source software.
The two most common challenges, faced by 62% of our respondents, are how to make good decisions about which components and versions to use and how to make good decisions about when to upgrade components and frameworks. These challenges happen at different times in the development lifecycle. Component selection happens when an application is initially written. In contrast, upgrading decisions usually occur as part of regular software maintenance.
While identifying and resolving security vulnerabilities is a challenge for 49% of respondents, it is even more critical in organizations with over 10,000 employees, with 58% of these respondents citing it as a key issue.
Two other challenges rated higher for organizations with over 10,000 employees than for the full sample.
Where resolving licensing issues or complying with the organization’s license policy was only chosen by 31% of the respondents overall, in organizations with over 10,000 employees, almost half (46%) face this challenge. This lines up with data from previous surveys, where licensing issues tend to be of more concern to larger organizations where the risks of non-compliance can be higher.
The other challenge that was more commonly selected by respondents in larger organizations was lack of clarity about which open source components are safe and approved to use. Forty-two percent of large organization respondents cited this challenge, versus only 29% in the full sample.
We also asked which of these challenges was most urgent. Respondents at the largest organizations were more than twice as likely as the average (18% vs. 7%) to say that requesting to use new open source components is a lengthy or confusing process. This matches what we hear from developers working in large enterprises—that the process for introducing new open source dependencies can be slow, bureaucratic, and frustrating.
Clearly the challenge of bringing in new open source components is a sore spot at the largest organizations, with almost half (43%) reporting that their most pressing issue is either confusion about how to request a new component or making good decisions about which components or versions to use.
The more applications that use open source components, the more urgent this becomes. Among those with no more than half of their organization’s projects containing open source, only 18% believe this is the most urgent challenge. In contrast, choosing which components to use is the top challenge for 32% of respondents with 100% of projects containing open source.
Want the full survey results in one report? Get them here now.
Read more about how we conducted the survey, see the survey demographics, and learn why we call it the managed open source survey.