SD Times blog: Surveys show open source makes for faster secure development

One of the things we see a lot of here at SD Times is surveys. It’s a great idea for your company to survey its customers, and the resulting information can be really useful—not just to your company, but to those of us who track the industry and its trends.

Thus, I was fairly disturbed by the results of a recent survey by Mendix that found that enterprise developers are having a very hard time giving the business folks what they’ve asked for. Gottfried Sehringer, vice president of marketing at Mendix, painted a fairly bleak picture of the state of enterprise development.

“Seventy-one percent of companies are not able to deliver what business is looking for, and in fact things are getting worse,” he said. “One of the reasons is demand keeps growing. In particular, in today’s era of digital transformation, companies are looking for more applications, more multichannel applications. There are fairly urgent business needs that keep putting pressure on the IT side. That pushes the backlog to grow.”

Mendix surveyed 470 of its customers for this report, and 82% reported having a project backlog, while 89% were unable to reduce their backlog year over year. That’s a recipe for disaster inside an enterprise structure. While all these failures aren’t necessarily flopping in the market and causing great losses, they are jamming up the workflow and slowing down the kind of progress many executives need to see to get their promotions and bonuses.

Meanwhile, security company Coverity recently released a survey that analyzed the security quality of the code inside 16 Big Data Apache applications, such as Hadoop and HBase. Coverity found that code quality in these projects has actually gone up in recent years.

Specifically, for the largest projects in this space (Hadoop, HBase and Cassandra), quality has improved to only 1.83 errors per 1,000 lines of code, better than last year’s average of 1.99.

That being said, many of the projects surveyed in this report were found to still be vulnerable to the Open Web Application Security Project’s Top 10 issues. These include such security chestnuts as cross-site scripting, SQL injections, and broken authorization and session management.

So it would seem that open-source projects are getting better over time, and enterprise projects are having difficulty reaching completion over time. If I had to give advice based on these two reports, it would be that your teams should build as little software as possible, and rely on open-source software and integrations to do the heavy lifting. Saving time saves projects, and as we can see, when enterprises collaborate on open source, everyone wins.