
Compliance in the 2016 Future of Open Source


Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, open source license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com

Future of Open Source Survey 2016 COMPLIANCE SPOTLIGHT

said there is no formal policy for selecting & approving open source code

of respondents who have policies don’t enforce them or allow them to be bypassed

have no list of approved open source licenses

never evaluate their code quality

30% of respondents aren’t very successful at complying with associated licenses

OVER

NEARLY

NEARLY

NEARLY

50%

50%

are not successfully providing information about licenses, security issues & software versions

NEARLY

60%

60%

90%

Compliance is Erratic

Code Reviews Are Rare

Existing Policies Rarely Enforced

Future of Open Source 2016 collaborators: Abilian, Acquia, Ant Systems, Appnovation, Appsembler, Ardent Technologies, Inc., Bareos GmbH & Co. KG, Black Duck Software, Capital One, Chamilo, Chef, CloudFoundry Corp, Confer, Coolan, Couchbase, Credativ, DEIS/Engineyard, Eclipse Foundation, EnterpriseDB, Evolveum, Grid Protection Alliance, Hewlett Packard, InfoSys, JFrog, Linux Foundation, Linux Professional Institute, MARSEC, Microsoft, MassTLC, Miracl, nexB, NGINX, North Bridge, Open Source Business (OSB) Alliance, Open Source EHR Alliance, Open Source Initiative (OSI), OpenClinic, Open-Xchange, Opmantek, OpusVL, Pentaho, Ravel Law, Red Hat, Rift-io, SDH Institute, Tecnisys, The Apache Software Foundation, The Document Foundation, Ubuntu, Univention, VoltDB, Wikibon, WIPRO and WP Engine. *platinum collaborators are in bold

Growing Opportunity for Policies & Procedures