How pervasive is open source software? Extremely pervasive. Is it getting any easier to work with? Not much easier, sorry.
That’s the prognosis of a recent survey of 872 IT managers, which finds eight in 10 companies employ open source software.
However, using freely available and low-cost or no-cost licensed software only solves part of the problem — there is still the challenge of securing the software, as well as having the skills and support to maintain and run it effectively.
More than 40% of technology managers say security and compliance are an issue with open source.
Nearly 40% of teams using open source lack the internal skills to test, use, or integrate that software.
The survey, from OpenLogic and by Perforce and the Open Source Initiative (OSI), finds skills and support to be the main stumbling blocks across all categories of open source solutions, from operating systems to databases to development tools.
Top challenges with open source software include the following:
- Maintaining security policies and compliance: 42%.
- Lack of skills, experience, or proficiency: 38%.
- Keeping up with updates and patches: 37%.
- Lack of low-level technical support: 36%.
- Maintaining end-of-life support: 36%.
The most “business-critical” open source software in use today, managers say, is Linux, Apache HTTP, Git, Node.js, WordPress, Tomcat, Jenkins, PHP, and Nginx. “Software in general has become business-critical for many organizations, and consequently open source software are key pieces of their digital infrastructure,” the survey’s authors state. “More mature organizations acquire expertise in these key technologies, and recognize the importance of being part of communities to participate in the innovation coming from open source.”
Containers and container orchestration technology, together with software development lifecycle tools,
are the most invested-in and most commonly used open source technologies, the survey also shows.
While still in the minority, there appear to be more organizations contributing back to the open source pot, the survey shows. At least 37% of organizations now contribute to open source, which includes contributions to open source projects or to open source organizations (code or other activities). This is a five percent increase from last year.
The top activity, selected by 46%, was performing security scans to identify vulnerabilities in open source packages.
“This highlights that there is more open security awareness and a variety of tools (open source and commercial) that can help organizations make security scans part of their software development lifecycle,” the survey’s authors report. “Along similar lines, it’s also promising to see open source security policies or compliance in the top three, since defining external or internal compliance processes is a marker of open source maturity.”
Looking ahead over the next 18 months, technologies on peoples’ radar screens include artificial intelligence, machine learning, and deep learning (all a single category), which edged Kubernetes from its number-one spot in last year’s survey. Other technologies seen as important in the near future include virtual reality or augmented reality.
Cloud-native open source technologies are also a hot commodity, showing “significant adoption in organizations of all types and sizes,” the survey finds. Container-based deployments are on the rise, coinciding with an increase in open source tools designed to support cloud-native environments. For example, Kubernetes usage increased by five percent in the past year; with 23% of the votes, it is now the third most used cloud-native technology. Just about every cloud-native technology grew over the last 12 months. Projects in the observability space, such as OpenTelemetry, Jaeger, and Prometheus, are also being adopted at a particularly rapid pace.
There’s more action in terms of open source automation and configuration tools for DevOps. Just two years ago, nearly 50% of respondents said they were not using any technologies in this category — now only 12% are not using them. The adoption of open source continuous integration (CI) and continuous delivery and deployment (CD) tools, particularly cloud-native CI and CD tools, is also on the rise. On the whole, tools that run natively in containers (Jenkins X, Spinnaker, and Tekton) saw a boost in usage this year.
Containers and container orchestration technology continue to gain adoption, with a significant increase in usage — 33% this year versus 18% last year. Just over one-third of companies, 34%, now use open source software development life cycle (SDLC) tools, and 22% work with open source content management solutions.