I think we can all safely agree that open source software development is here to stay. Open, collaborative development has fundamentally changed not only how we code, but also the code we produce. It’s easier than ever to build complex solutions by reusing existing components. A new report from Sonatype examines the current state of open source in the enterprise. Although heavily slanted toward open source Java consumption, the trends are interesting. It’s also worth pointing out that Sonatype provides a solution for open source software management, so they have a stake in the game here. Their data is worth a look, though.
Nearly 80% of the enterprises surveyed consume open source software. Most interesting to me: two thirds of them are actively contributing code back to the upstream projects they consume. Also interesting to note is that just shy of half of all surveyed companies have a formal open source policy in place. And of those with formal policies, half of the respondents cite those policies as detrimental to the success of development.
The top complaints about formalized open source policies are:
- it slows down development
- we find out about problems too late in the process
- it’s not clear what’s expected of us
- there is no enforcement
Some organizations further restrict open source software usage by license, going so far as to verify the license of all components and their dependencies. At first blush that might sound like a big waste of time, but in reality that’s a good thing: open source license compliance is important, and fundamentally important to the longevity of open source in general. Of course, if these enterprises aren’t distributing their applications to others then license compliance with copyleft licenses like the GNU Public License isn’t as big of a deal.
Sonatype’s primary product, Nexus Professional is a repository manager that aims to solve many of the licensing, dependency, and procurement problems identified in the Sonatype survey (again, with a specific focus on Java). The survey highlights that 73% of enterprises stay informed on new releases of the open source components they use by manual web searches, or by directly visiting the projects’ websites. That’s clearly inefficient. Even established code sharing services like GitHub, Google Code, and SourceForge aren’t being as heavily utilized as they could be by the companies surveyed.
The primary motivation for this report is to demonstrate the need for Sonatype’s products, obviously. That focus, though, reveals useful general information. For example, the financial industry is the most likely to completely lock down open source developers to using specific approved resources. Another interesting revelation: the aspects of open source software most important to the companies surveyed are maturity, security, and overall code quality. License type is only of interest to a comparatively smaller portion of survey respondents.
Regardless of any challenges introduced by open source software, it’s clear that open source is gainin more popularity within traditional enterprises. Anything that can be done to simplify the consumption and compliance issues identified by Sonatype — for Java and every other language — is a good thing.