With 40 million developers, 300,000 open source projects, 500 billion open source package downloads annually -- what could go wrong? Or better yet, what could organizations get more right?
In a two-year-long collaboration with Gene Kim and Dr. Stephen Magill, we objectively examined and empirically documented software release patterns and cybersecurity hygiene practices across 30,000 commercial development teams and open source projects. At the heart of our endeavor were three questions: what attributes can we use to identify the best open source project behaviors, what behaviors have been adopted by the best development teams relying on those projects, and is there a future where machines apply such knowledge to build applications on our behalf?
Our research uncovered a number of development and cybersecurity hygiene behaviors across open source software projects, which we used to categorize projects as exemplars, laggards, features first, and cautious. The exemplars represented the very best OSS suppliers, with extraordinary track records for releasing updates, remediating vulnerabilities, staffing well, and demonstrating high adoption rates.
We also uncovered exemplary development behaviors across teams that utilize open source software components, including: defining a process to update components, reducing the number of library versions in use, and automating practices that aid in updating dependencies.
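The second of those behaviors, reducing the number of library versions in use, is easy to state but hard to see without tooling: the same package tends to be pinned at several different versions across a portfolio, and every extra version is another patch to track. The script below is an added example (not code from the study or from the talk) that reports that version sprawl across a set of projects. It assumes each project ships a pinned, requirements-style manifest (`name==version` per line); the project names and manifests are constructed for illustration.

```python
"""Report library "version sprawl" across a fleet of projects.

Added example, not part of the research described above.
Assumption: every project has a requirements-style manifest with
exact pins ("name==version"). Other ecosystems need their own parser.
"""
import re
from collections import defaultdict

# PEP 503 normalisation so "PyYAML", "pyyaml" and "Py_YAML" collapse to one key.
_NORMALISE = re.compile(r"[-_.]+")
# Only exact pins count; "click>=8.0" is not a reproducible version and is skipped.
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def normalise(name: str) -> str:
    """Canonical package name, e.g. 'PyYAML' -> 'pyyaml', 'Foo_Bar' -> 'foo-bar'."""
    return _NORMALISE.sub("-", name).lower()


def parse_pins(manifest: str) -> dict[str, str]:
    """Return {normalised_name: version} for every exact pin in a manifest.

    Blank lines, comments, environment markers and unpinned ranges are ignored.
    """
    pins: dict[str, str] = {}
    for line in manifest.splitlines():
        m = _PIN.match(line)
        if m:
            pins[normalise(m.group(1))] = m.group(2)
    return pins


def version_sprawl(manifests: dict[str, str]) -> dict[str, dict[str, list[str]]]:
    """Map package -> version -> [projects], keeping only packages that are
    pinned to more than one distinct version somewhere in the fleet."""
    seen: dict[str, dict[str, list[str]]] = defaultdict(lambda: defaultdict(list))
    for project, text in manifests.items():
        for pkg, ver in parse_pins(text).items():
            seen[pkg][ver].append(project)
    return {pkg: dict(vers) for pkg, vers in seen.items() if len(vers) > 1}


def sprawl_summary(manifests: dict[str, str]) -> list[tuple[str, int]]:
    """(package, distinct version count), worst offenders first, then by name."""
    sprawl = version_sprawl(manifests)
    return sorted(((pkg, len(vers)) for pkg, vers in sprawl.items()),
                  key=lambda item: (-item[1], item[0]))


# Constructed sample input: three hypothetical projects with overlapping dependencies.
SAMPLE_MANIFESTS = {
    "billing-api": "requests==2.25.1\nPyYAML==5.4\nurllib3==1.26.5\n",
    "reporting": "# pinned by CI\nrequests==2.31.0\npyyaml==6.0.1\nurllib3==1.26.5\n",
    "batch-jobs": "requests==2.25.1\nclick>=8.0\nurllib3==2.0.7\n",
}

if __name__ == "__main__":
    for pkg, count in sprawl_summary(SAMPLE_MANIFESTS):
        print(f"{pkg}: {count} versions in use")
        for ver, projects in version_sprawl(SAMPLE_MANIFESTS)[pkg].items():
            print(f"  {ver:<10} {', '.join(projects)}")
```

Run against real manifests, the report gives an upgrade target per package (the projects on the newest pin are the reference, the rest are the backlog). Pointing it at lock files rather than hand-written requirements avoids under-counting, because transitive dependencies are where most of the sprawl hides.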
In this session, I will reveal the insights we uncovered. Attendees will learn which techniques, team structures and release patterns have been championed by exemplary development teams at large enterprises and open source projects alike. I'll share our observations that exemplary teams release new code 2.4X faster and remediate security vulnerabilities 2.9X faster. Finally, I'll shed light on how we could apply these exemplary practices using AI and ML to pave the way toward machines making safer software faster.