State of the Software Supply Chain 2021 by VMware Tanzu: Focus on open source use in the enterprise
VMware Tanzu has again published the results of its “State of the Software Supply Chain” report, this time in an open source edition. This edition deals in more detail with the challenges and peculiarities of using open source software.
As part of the software supply chain assessment, VMware has also taken a closer look at the use of open source software (OSS). According to the report, OSS is used in production in 95 percent of the companies surveyed – but the larger the company, the less likely this is; VMware Tanzu attributes this to stricter guidelines.
Companies that do not use open source software in production cited the following reasons: they are still in the process of finding out how to manage OSS in production, and there is a policy against OSS in production (46 percent each). A quarter responded that a particular product had not yet been released.
When asked where companies get their open source software from, there was an almost even distribution regardless of company size: Around 79 percent use commercially supported open source software, such as the Linux distributions from Red Hat, SUSE or Oracle. Three quarters use commercial software that relies on open source components such as databases in the backend.
Seven out of ten companies use source code provided by the open source community, for example via GitHub. This is especially true for companies that employ more than 1,000 developers; VMware Tanzu attributes this to the fact that these companies have the most resources for self-support.
Perceived advantages and disadvantages of OSS use
The most important benefits of OSS in production are lower costs (79 percent), more flexibility (63 percent), the benefit of a large community (58 percent) and higher developer productivity (45 percent). These are offset by the disadvantages: dependence on the community for patching (56 percent), its insufficient SLAs (42 percent) and the import of security risks (47 percent). 36 percent of those involved see licensing problems.
When asked which internal requirements apply to the use of OSS in production, four out of five companies provided very specific information. In about two-thirds of companies, the open source license must also cover the production environment; 43 percent insist on a list of approved open source software. A good 32 percent of companies want to have at least the opportunity to use commercial support.
Interested parties can also find out what organizational and security-related challenges the respondents see in the “Open source Edition of the State of the Software Supply Chain” report.