<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=705633339897683&amp;ev=PageView&amp;noscript=1">

Finding #4: Getting approval to use new open source components in large organizations is often slow and tedious

Chris Grams
by Chris Grams
on May 3, 2022

Don't miss the latest from Tidelift

In December of 2021, Tidelift fielded our annual survey of technologists who use open source to build applications at work. Nearly 700 people shared how they use open source software today, what holds them back, and what tools and strategies help them use it even more effectively.

In this post, we share the fourth of seven key findings. If you don’t want to wait for the rest of the results, you can download the full survey report right now at the link below.

Download Survey

In this year’s survey, we wanted to understand how application development teams bring new open source components into their organization and what challenges they face when introducing these components.

First, we asked respondents to describe the evaluation or approval process currently being used to bring in new open source components. The majority of organizations employ some sort of process requiring authorization (61%) while 38% do not have an approval process or do not require authorization.



Of the 61% of organizations that require approval, 22% require authorization from a specific person or team, 21% require authorization by multiple departments, and 18% have a formal authorization process managed by a centralized committee or team.

Of the 38% of respondents not requiring authorization, 19% have no approval process at all and 19% have an informal approval process that does not require authorization.

We refer to the no-authorization-required organizations as the “move fast” camp and the authorization-required organizations as the “stay safe” camp, and it was interesting to see that the majority of organizations fell into the “stay safe” camp.


The differences became even more stark when looking at the results from the largest organizations with over 10,000 employees. A whopping 78% of respondents from these organizations have a process requiring authorization, led by 37% that have a formal process managed by a committee or team, another 31% with a formal process requiring multiple departments or functions for approval, and only 10% requiring authorization from an individual or team.

Only 22% of the largest organizations do not require authorization, with 14% of those having an informal approval process and 8% having no approval process at all. Not surprisingly, smaller organizations under 1,000 employees are twice as likely to not require authorization, with almost half (46%) of respondents reporting an informal process or none at all.

Next, we wanted to understand, for those organizations with some sort of authorization process, how long it typically takes to get new components approved. Only 11% of respondents get new components authorized in less than a day. For half of the respondents (50%) it takes between one day and one week. For 29% it takes between one week and one month. And in 10% of organizations, it takes a month or more.


As one might expect, approval takes longer in the largest organizations. Whereas 39% of all respondents said it takes a week or more for approval, in organizations over 10,000 employees, that percentage shoots up to 56%, with 19% of respondents saying it takes more than a month to get new components approved. By comparison, only 6% of respondents from organizations with 1,000 or less employees said approval takes more than a month.


Finally, we broke down the length of time it takes to get approval by the type of process the organization has in place. The results were stark, but intuitive. The most common process in organizations that approve components in less than a day is an informal process that does not require authorization from a specific person or team. Almost double the percentage of respondents who reported they use an informal process (19%) said approval takes less than a day.


Conversely, the organizations reporting that authorization to use a new component took more than a month typically have a formal process requiring approval from multiple departments or functions (16%) or a centralized committee or team (14%).

We hope you found some useful and actionable information in this blog post. If you’d like to get notified as future posts come out, please sign up for our blog digest here. Or if you don’t want to wait, download the full survey results today!

New call-to-action