About 40 percent of industry professionals say their organizations have reduced their use of open source software due to security concerns, according to a new 2022 State of Data Science survey by data science firm Anaconda. The survey, which lasted from April 25 to May 14, 2022, was based on information from 3,493 participants from 133 countries and territories, including academics, industry professionals and students. About 16% of those respondents identified as data scientists.
About 33% of industry professionals surveyed said they haven’t scaled back open source, 7% said they’ve increased their usage, and 20% said they weren’t sure. The remaining 40% said they had scaled back. Scaling back doesn’t mean stopping, though: 87 percent of business respondents said their organization still allows open source.
In 2021, 65% of business respondents said their teams were encouraged to contribute to open source projects, with the majority (54%) saying their employers empowered them to contribute to open source by increasing funding related to open source projects. But this year only 51.99% of business respondents said their teams were encouraged to contribute to open source projects, down about 13% year over year.
The report notes that this may be due to security concerns. The majority of these respondents (54.04%) said their employers are empowering them to contribute to open source by increasing the time they dedicate to contributing to open source projects. Among the advantages of OSS that respondents find attractive, affordability (20.84%) and speed of innovation (20.54%) top the list.
Still, many people seem to be looking to reduce the risk of relying on too many open source dependencies. The Anaconda report found that incidents such as Log4j and reports of “protestware” have prompted users of open source software to take security issues more seriously. Of the 40% who reduced their use of open source, more than half did so after being affected by Log4j. About 31% of respondents said that security breaches are the biggest challenge for the open source community right now.
Most organizations are using open source software; however, more than half of the 8 percent of respondents who said they don’t (54 percent, up 13 percent from last year) cited security risks as a reason, according to Anaconda. Other reasons for not using open source software include: lack of understanding (38%); lack of confidence in organizational IT governance (29%); open source software is considered insecure and therefore not allowed (28%); and not wanting to break current projects (26%).
The survey also pointed to industry concerns about a lack of technical skills, with a majority (62.51%) of business respondents saying their organisations were at least somewhat concerned about the potential impact of talent shortages. Only 10.43% said their organization didn’t care at all.
Python remains the language of choice for data science types. Of the respondents, 31% said they use the language “always” and 27% use it “often”. This compares to 3% and 12% for Julia, respectively.
See the full report for more details.