I told you a while back that open-source development methods and open-source software ruled the IT world. It's nice to know that what I saw as an individual was also clear to the corporate world. Black Duck, a leader in securing and managing open-source software, and North Bridge, an inception-to-growth venture capital firm, just released the results of their 10th Future of Open Source Survey. Guess what? They found open source is today's preeminent architecture. It's the foundation for nearly all applications, operating systems, cloud computing, databases and big data.

To be exact, the survey revealed that 65 percent of companies are using open source for development, while 55 percent are using it in their production infrastructure. Based on what I've seen, that's an underestimate. Even now many companies contain open-source skunkworks running production systems beyond the sight of CIOs and CFOs.

Black Duck and North Bridge survey results back me up on this:

50 percent of companies have no formal policy for selecting and approving open source code.

47 percent of companies don't have formal processes in place to track open source code, limiting their visibility into their open source and therefore their ability to control it.

More than one third of companies have no process for identifying, tracking or remediating known open source vulnerabilities.

Sure, some of that is just from CIOs giving sysadmins their head and telling them: "Sure, run Apache, OpenSSL, or Linux if it works and saves money." But I'd bet real cash that there are also far too many IT managers who really don't know what's going on in their servers even today.

I mean, as good as open-source software is, it's not perfect. It, especially OpenSSL in recent months, has had real security problems.

Black Duck CEO Lou Shipley agrees. In a statement, Shipley said, "the rapid adoption of open source has outpaced the implementation of effective open-source management and security practices. We see opportunities to make significant improvements in those areas. With nearly half of respondents saying they have no formal processes to track their open source, and half reporting that no one has responsibility for identifying known vulnerabilities and tracking remediation, we expect to see more focus on those areas."

That's the bad news. The good news, as Shipley said, is that 10 years ago "hardly anyone would have predicted that open source use would be ubiquitous worldwide just a decade later, but for many good reasons that's what happened. Its value in reducing development costs, in freeing internal developers to work on higher-order tasks, and in accelerating time to market is undeniable. Simply put, open source is the way applications are developed today."

Out of the companies surveyed, a whopping 90 percent reported that they rely on open source for improved efficiency, innovation, and interoperability. The most compelling reasons cited in the survey for use of open source included flexibility and freedom from vendor lock-in, competitive features and technical capabilities, ability to customize, and overall quality.

Thus, Paul Santinelli, general partner at North Bridge, noted, "Open source today is unequivocally the engine of innovation, whether that's powering technology like operating systems, cloud, big data or IoT, or powering a new generation of open source companies delivering compelling solutions to the market."

Some people still ask: "How do you make money from open source?" These are people who clearly don't read the financial news. Hello! Red Hat just became a $2-billion-a-year company,

Looking ahead, the survey reveals three business models that will generate the most revenue for open-source vendors in the next two to three years. These are Software as a Service (SaaS) (46 percent), Custom Development (42 percent), and Services/Support (41 percent).

In the venture world, Santinelli predicts "a new generation of open source companies pushing these models forward such as Acquia, Chef, Cloudera, Couchbase, Docker, and WP Engine. Over the coming years we fully expect open core to continue to build as a revenue model while reliance on SaaS as a business model decreases as it did for the first time this year."

Today and tomorrow we live in a business world driven by open source. Linux Foundation executive director Jim Zemlin likes to say, "Linux and open source is on the right side of history." He's right. It is.
