Security News > 2020 > December > Open-source developers say securing their code is a soul-withering waste of time

Open-source developers say securing their code is a soul-withering waste of time
2020-12-09 14:52

A new survey of the free and open-source software community conducted by the Linux Foundation suggests that contributors spend less than 3% of their time on security issues and have little desire to increase this.

A report based on the answers of nearly 1,200 FOSS contributors carried out by the Linux Foundation and Laboratory for Innovation Science at Harvard highlighted a "Clear need" for developers to dedicate more time to the security of FOSS projects as businesses and economies become increasingly reliant on open-source software.

The survey, which included questions designed to help researchers understand how contributors allocated their time to FOSS, revealed that respondents spent an average of just 2.27% of their total contribution time responding to security issues.

The researchers concluded that a new approach to the security and auditing of FOSS would be needed to improve security practices, while limiting the burden on contributors.

Developers "Could rewrite portions or entire components of FOSS projects that are prone to vulnerabilities," as opposed to trying to mend existing code.


News URL

https://www.techrepublic.com/article/open-source-developers-say-securing-their-code-is-a-soul-withering-waste-of-time/#ftag=RSS56d97e7