According to Snyk’s “State of Open Source Security Report 2019,” which surveyed over 500 open source users and maintainers, 30 percent of developers who maintain open source (OS) projects are highly confident in their security knowledge, up from 17 percent the year before. In addition, the percentage of OS maintainers who run security audits on their projects has risen twenty percentage points to 74 percent compared to last year’s survey. Yet only 42 percent of maintainers audit their code at least once a quarter. This is a problem because the goals for development velocity are so much higher than they were just a few years ago.
The New Stack and Linux Foundation’s survey of open source leaders found that the average development team was releasing code into production at more than two-thirds of companies. Other studies are less optimistic and indicate that only about a quarter of companies have reached that level of speed.