Security News > 2020 > December > Open source contributors spending no time on security

The Linux Foundation's Open Source Security Foundation and the Laboratory for Innovation Science at Harvard announced the release of a report which details the findings of a contributor survey administered by the organizations and focused on how contributors engage with open source software.
Census II identified the most commonly used free and open source software components in production applications, while the survey and report share findings directly from nearly 1,200 respondents working on them and other FOSS.
There is a clear need to dedicate more effort to the security of FOSS, but the burden should not fall solely on contributors.
Respondents report spending, on average, just 2.27 percent of their total contribution time on security and express little desire to increase that time.
The survey revealed that 48.7 percent of respondents are paid by their employer to contribute to FOSS, suggesting strong support for the stability and sustainability of open source projects but calling into question what happens if corporate interest in a project diminishes or ceases.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ME7Xdr2Lkpc/