Launching the State of Open Source Security Survey

Earlier this week, we kicked off The State of Open Source Security survey. Our goal is to help all of us understand where we stand when it comes to building and consuming open source in a way that keeps us and the data we hold safe. We’ve made the survey short and to the point—so far the average time to completion is about 5 minutes—so please let us hear your thoughts by filling out the survey below.

Open source has changed the way companies build software, and keeping it secure has never been more important. This year alone has seen malicious packages hit both PyPi and npm, a wave of ransomware attacks targeting MongoDB installations, and of course the whole Equifax debacle involving a vulnerability in Struts.

While that’s enough to cause some level of concern in even the most optimistic of people, developers can do a lot to mitigate these concerns with proper attention to security and tooling.

To get an idea of where we as a community currently stand, we’ve started working on a State of Open Source Security report. We’re digging into a ton of data to get an understanding of what security techniques are being used, how vulnerabilities are mitigated and how closely open source users monitor their security.

That’s where you come in. In addition to the data we’re collecting, the survey will give us a better picture of the more human aspects around security. The survey is targeted at both open source maintainers and developers who use open source libraries in some way in their day to day work.

We would love to hear from you! The more responses we get, the more interesting the results will be. At the end of the survey, you have the option of providing your email if you would like us to contact you when the report is finished. Otherwise, just watch this space. We’ll make all the information openly available for everyone in the community to benefit from.