Launching the State of Open Source Security Survey

Tim Kadlec

Earlier this week, we kicked off The State of Open Source Security survey. Our goal is to help all of us understand where we stand when it comes to building and consuming open source in a way that keeps us and the data we hold safe. We’ve made the survey short and to the point—so far the average time to completion is about 5 minutes—so please let us hear your thoughts by filling out the survey below.

Open source has changed the way companies build software, and keeping it secure has never been more important. This year alone has seen malicious packages published to both PyPI and npm, a wave of ransom attacks that wiped exposed, unauthenticated MongoDB installations, and of course the Equifax breach, which exploited an unpatched vulnerability in Apache Struts.

That is enough to worry even the most optimistic among us, but developers can do a lot to reduce the risk: knowing which open source packages they depend on, paying proper attention to security as they build, and using tooling that surfaces known vulnerabilities so they can be fixed promptly.

To get an idea of where we as a community currently stand, we’ve started working on a State of Open Source Security report. We’re digging into a ton of data to get an understanding of what security techniques are being used, how vulnerabilities are mitigated and how closely open source users monitor their security.

That’s where you come in. In addition to the data we’re collecting, the survey will give us a better picture of the more human aspects around security. The survey is targeted at both open source maintainers and developers who use open source libraries in some way in their day to day work.

We would love to hear from you! The more responses we get, the more interesting the results will be. At the end of the survey, you have the option of providing your email if you would like us to contact you when the report is finished. Otherwise, just watch this space. We’ll make all the information openly available for everyone in the community to benefit from.
