In 2021, VMware’s inaugural State of the Software Supply Chain, Open Source Edition survey explored opportunities and challenges for large companies leveraging open source software in their software supply chains. In 2022, we broadened the reach of the survey to unlock some of the unique  considerations for smaller businesses using open source software. 

The findings from the latest survey are now available and one thing remains overwhelmingly clear: organizations of all sizes are benefiting from open source software and communities in big ways. When we zero in on the smallest companies, those with 100 or fewer employees, we see that they recognize the same benefits as their larger counterparts, including cost efficiency, increased flexibility, developer productivity, and more.

Looking at new trends emerging from the report, here are some top takeaways:

• Slight downtick in deployment: While open source software is fulfilling customer expectations, the past year hasn’t been all smooth sailing for open source software adoption. Fewer survey respondents say they are deploying open source software in production this year than last year—90% versus 95%—due to management challenges, support concerns, and lack of trust in open source technology. 

• Security concerns growing: Given the rapid increase in cyberattacks against organizations worldwide, it’s not surprising that two of the top three concerns around open source software involve security – and the top two security risks pertain specifically to the ability to identify and address vulnerabilities.  
• Open source software packaging complexity: Open source software packaging is essential to ensure the security of the software supply chain, but it has become a point of complexity and concern. Survey respondents stated that packaging capabilities – such as those listed below — would go a long way towards addressing security concerns: 

• Immediate access to trusted security patches
• Centralized visibility to all scans
• Automated CVE and virus scanning 

• New security approaches: While open source software offers clear and compelling benefits, better approaches to packaging security are needed. Two recommendations covered in the study include:
  • Integrated packaging tools: Packaging tools can reduce complexity by integrating and automating tasks such as functional testing, CVE scanning, and publishing to repositories.
  • Pre-packaging: Choosing open source software packaged by a trusted source removes a lot of the uncertainty around security and eliminates the risk of CVEs. Updates become available quickly as new CVEs are found.

Given the wide variety of open source software available, it may be necessary for an organization to use both approaches to meet the entirety of their needs. These building blocks can significantly increase developer velocity when combined with an end-to-end developer platform.

About the Study

VMware commissioned Dimensional Research to conduct this study to understand the experiences and attitudes of technology professionals responsible for open source software. The study surveyed a mix of professionals in IT development and operations roles including technology executives, team managers, and individual contributors — from a wide range of industries. We had 1,198 open source software stakeholders participate in the 2022 study, representing more than double the number of respondents in 2021. 

Download the report for more insights and data points. VMware State of Software Supply Chain: Open Source Edition 2022, VMware, 2022

DOWNLOAD NOW

1. VMware State of Software Supply Chain: Open Source Edition 2022, VMware, 2022.
2. VMware State of Software Supply Chain: Open Source Edition 2022, VMware, 2022.