Open source contributors spending no time on security (December 2020)
The Linux Foundation's Open Source Security Foundation and the Laboratory for Innovation Science at Harvard announced the release of a report which details the findings of a contributor survey administered by the organizations and focused on how contributors engage with open source software.
Census II identified the most commonly used free and open source software components in production applications, while the survey and report share findings directly from nearly 1,200 respondents working on them and other FOSS software.
There is a clear need to dedicate more effort to the security of FOSS, but the burden should not fall solely on contributors.
Respondents report spending, on average, just 2.27 percent of their total contribution time on security and express little desire to increase that time.
The survey revealed that 48.7 percent of respondents are paid by their employer to contribute to FOSS, suggesting strong support for the stability and sustainability of open source projects but calling into question what happens if corporate interest in a project diminishes or ceases.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ME7Xdr2Lkpc/