Nearly 60% have no list of approved open source licenses.
Growing Opportunity for Policies and Procedures: Nearly 50% said there is no formal policy for selecting and approving open source code.
Existing Policies Rarely Enforced: Nearly 50% of respondents who have policies don’t enforce them or allow them to be bypassed.
Compliance is Erratic: Nearly 60% do not successfully provide information about licenses, security issues and software versions. Over 30% of respondents are not very successful at complying with the associated licenses.
Code Reviews Are Rare: 90% never evaluate their code quality.
Source: Black Duck