
Our First Annual “State of Software Supply Chain” is Now Available

Kim Pento

In the past few years, we’ve all seen major cybersecurity drama like Log4J and SolarWinds shake up the open-source world. ProGet’s been on this, with features like vulnerability scanning. But those headlines? They made us feel it’s time to kick our security game up a notch.

So, we’re planning to roll out ProGet 2024 packed with even better security tools. We also recently launched Inedo Security Labs, our Vulnerability and Malicious Package Database for ProGet. And just last quarter, we conducted a big survey on OSS security to learn from users and beyond to help improve our products. This report is all about what we learned from that survey, and our plan to keep making open-source software safer for everyone.

We are thrilled to share some reflections and insights from our survey. Here is a sneak peek!

Most organizations don’t have dedicated teams or personnel to manage OSS vulnerabilities.

70% of respondents manage OSS vulnerabilities as part of their broader responsibilities (82.95% of Inedo’s customers and 64.38% of other respondents), indicating a trend towards integrating this task within existing roles rather than assigning dedicated personnel or teams.

Nobody has the time or resources to manage vulnerabilities.

Respondents who aren’t Inedo’s customers predominantly face insufficient time or resources (69.74%) as their main challenge in managing OSS vulnerabilities, highlighting a significant operational burden across the industry.

In contrast, 38.87% of Inedo’s customers report no challenges, illustrating a stark difference in the effectiveness and challenges encountered in vulnerability management practices between the two groups.

Learn more in the 1st annual report

These are just 2 of the 57 questions that we asked. The 23-page report includes more findings.

Join our survey for the 2nd annual Software Supply Chain Security Report

We’re already looking forward to conducting this survey again next year. There are more areas we’d like to explore, especially regarding how AI/ML technologies are being used to enhance application security. Additionally, understanding your preferences between self-managed (self-hosted), cloud, and hybrid cloud solutions will be invaluable.

Your feedback is crucial to us. Not only does it help us understand the value this paper brings to you, but it also guides us in creating more relevant and impactful content in the future. We are eager to know what you think about the findings, how we can improve the next survey, and what questions you would like us to ask next time. Your input will directly influence our future surveys. We are ambitious about expanding our reach and welcoming more participants to broaden our insights.
