LINUX FOUNDATION RESEARCH

We’re investigating the impact of open source collaboration to solve the world’s most pressing challenges.

LF Research about page cover tiles

About LF Research

LF Research publishes actionable and decision-useful insights into open source software, hardware, standards, and data based on empirical research methodologies. Through leveraging community networks, project databases, surveys, and qualitative findings, and through its commitment to best practices in primary research, Linux Foundation Research is the definitive home for data-driven insights into open source for the benefit of governments, enterprises, and society at large.

Featured Research: Open Source and Energy Interoperability

In partnership with Natural Resources Canada and LF Energy, LF Research explores how open source projects and communities can play a vital role in building modern, robust, interoperable, and impactful energy infrastructure, with the aim of accelerating greater collaboration for energy stakeholders the world over.

 

Cover_Open_Source_and_Energy_Interoperability_2024

Surveys

Participate in our surveys, give back to your community, and earn events and training discounts!

Interested in conducting research?

Review our prospectus for more information, and email us at research@linuxfoundation.org

 

lfresearch_benefits

Addressing Cybersecurity Challenges in Open Source Software

Download Report

Abstract

While open source software is ubiquitous and generally regarded as being secure, software development practices vary widely across projects regarding application development practices, protocols to respond to defects, or lack of standardized selection criteria to determine which software components are more likely to be secure. Consequently, software supply chains are vulnerable to attack, with implications and challenges for open source project communities.

To help improve the state of software supply chain security, new research was conducted in partnership with the Open Source Security Foundation (OpenSSF), Snyk, the Eclipse Foundation, CNCF, and CI/CD Foundation as a means to help focus efforts in programming, incentives, and other resourcing to support the creation of more secure software.

In April of 2022, LF Research and its partners fielded a survey comprising 539 open source software maintainers and core contributors and qualitative interviews from a subset of those individuals. This report identifies the most acute software security development gaps and challenges, including at the organizational level, where policies requiring security protocols are in short supply, and dependencies are not effectively managed. 

Authors

  • Linux Foundation Research Team
  • Foreword by Brian Behlendorf, General Manager, Open Source Security Foundation

Additional Resources

Our Team

Filter by: