LINUX FOUNDATION RESEARCH

We’re investigating the impact of open source collaboration to solve the world’s most pressing challenges.

LF Research about page cover tiles

About LF Research

LF Research publishes actionable and decision-useful insights into open source software, hardware, standards, and data based on empirical research methodologies. Through leveraging community networks, project databases, surveys, and qualitative findings, and through its commitment to best practices in primary research, Linux Foundation Research is the definitive home for data-driven insights into open source for the benefit of governments, enterprises, and society at large.

Open Source Software Developer Report

Intel partnered with LF Research once again this year, this time to study what developers need to advance their careers. Our new report reveals that learning new skills and connecting with other developers, especially at in-person events, is a top priority.

 

Cover_OSS_Developer_Report_2024

Participate in Our Research

Join the LF Research Forum and participate in our surveys and interviews to give back to your community and earn events & training discounts!

Interested in conducting research?

Review our prospectus for more information, and email us at research@linuxfoundation.org

 

lfresearch_benefits

Addressing Cybersecurity Challenges in Open Source Software

Download Report

Abstract

While open source software is ubiquitous and generally regarded as being secure, software development practices vary widely across projects regarding application development practices, protocols to respond to defects, or lack of standardized selection criteria to determine which software components are more likely to be secure. Consequently, software supply chains are vulnerable to attack, with implications and challenges for open source project communities.

To help improve the state of software supply chain security, new research was conducted in partnership with the Open Source Security Foundation (OpenSSF), Snyk, the Eclipse Foundation, CNCF, and CI/CD Foundation as a means to help focus efforts in programming, incentives, and other resourcing to support the creation of more secure software.

In April of 2022, LF Research and its partners fielded a survey comprising 539 open source software maintainers and core contributors and qualitative interviews from a subset of those individuals. This report identifies the most acute software security development gaps and challenges, including at the organizational level, where policies requiring security protocols are in short supply, and dependencies are not effectively managed. 

Authors

  • Linux Foundation Research Team
  • Foreword by Brian Behlendorf, General Manager, Open Source Security Foundation

Additional Resources

Our Team

Filter by: