Securing Free/Libre and open-source software (FLOSS) is a big deal, and the Linux Foundation wants to know exactly how programmers are dealing with security issues. In an effort to gain insight into the topic, the Linux Foundation and Harvard have announced a new Linux and open-source contributor security survey.
Except for the desktop, Linux and open-source run the IT world. With great power comes great security responsibility. While open-source security issues can be overstated, the simple truth is that antique, insecure open-source software is everywhere. The Linux Foundation knows this. To address it, the Foundation's Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH) have developed a survey for FLOSS contributors.
The survey builds on their "Vulnerabilities in the Core, a preliminary report and Census II of open-source software." That study laid out a methodology for understanding and addressing the structural and security complexities of open-source software. It also identifies the most commonly used FLOSS components in production applications and examines them for potential vulnerabilities.