Over 3,000 corporate email addresses compromised. Private SSH keys and passwords publicly disclosed. Major system outages every few weeks (here and here and here). No, this is not news from some dubious shopping site, but from a site that is supposed to manage intellectual property (IP) in the form of software code.
As Gartner points out, enterprises already ‘speak of being uncomfortable with what is perceived as a larger possibility for loss of source code’ when it comes to Git. Headlines like the ones above certainly do not help when it comes to building trust in Git among decision makers.
And while the aforementioned issues by and large pertain to particular hosting and business practices, other issues are more fundamental, such as GitHub’s lack of means to easily identify trusted identities (as pointed out by Linus Torvalds).
Sure, consumer plays may not translate to enterprises. And those issues may have nothing to do with open-source Git. However, FUD (fear, uncertainty, doubt) can easily overshadow clear decision making in security- and compliance-conscious enterprises. And perception can easily become reality.
That’s despite the reality of Git increasingly being (very much) ‘ready for the enterprise’. Thanks to recent innovations such as TeamForge history protection and Gerrit-powered access control management, organizations can start embracing Git, even alongside proven SCM tools like Subversion.
The good news is that the tide might be starting to turn. As the 2012 Eclipse Survey points out, there is already a lot of internal Git usage, be it on ‘bare metal’ or in the private cloud. And true enterprise-grade datacenters like CloudForge are meeting stringent certifications like SSAE 16 SOC II, FISMA and ISO 27001.
So, after all, several of the world’s largest organizations (including in finance, federal and hi-tech) have already successfully migrated to Git with CollabNet – without having to compromise security or uptime.