BlueOptima report: Vendor dependency grew 12% from 2019-2022. 28% of repositories face high risk. Learn to mitigate IT outsourcing vulnerabilities.
Welcome to the BlueOptima “Mitigating The Risk Of IT Outsourcing 2022” Report, which provides insights into critical observations about the risk of outsourcing across the software development industry.
The coronavirus pandemic accelerated digital transformation in businesses across sectors. This change in pace in the digitisation of operations and the adoption of new digital models is one reason why we are currently observing an increase in the demand for IT specialists, with 76% of CIOs indicating that their organisation has more open positions now (June 2022) than in years past.
Companies are dangerously dependent on outsourced developers to function, with over 90% of Coding Effort (CE) contributed by vendors.
The report provides a global view of the current IT outsourcing risk in the software development industry, placing a key focus on the following:
Our research draws on data from hundreds of thousands of professional software developers. We analysed developer data at the source code repository level, as a repository is a ready proxy for an independently manageable project. From this data, we have quantified the level of vendor delivery risk within repositories and analysed which factors have the largest impact on the overall delivery risk of a repository.
The average vendor dependency across enterprises increased by 12% from 2019 to 2022. In May 2022, over 48% of the hundreds of thousands of repositories had some level of dependency on outsourced developers compared to 36% in the same month in 2019.
Overall, global trends are showing a gradual increase in dependency on outsourcing. However, reliance on outsourced developers remained steady from August 2021 to February 2022 and then started to increase again at a higher rate than previously between February and May 2022.
Due to shortages in the labour market, outsourcing IT services is becoming a popular solution for IT leaders to meet deliverables, continue to bring new products to market at speed, and resolve performance issues.

Caption: The trend for average vendor delivery dependency for reporting month. The data is filtered by reporting month and year for 2019 to 2022.
Our analysis shows that of the 48% of repositories that had some reliance on vendors, over half (56%) had a more than 90% contribution of Coding Effort from their outsourced developers. With over 90% of contributed Coding Effort coming from vendor-supplied software development talent, these applications are dangerously dependent on outsourced developers to function. This often creates a major dependency issue for enterprises, especially if any of those repositories relate to software that supports critical functions for a business to operate.
As vendor dependency is an increasing phenomenon, in this report, the vendor dependency risk is divided into three categories:
Risk is calculated from two averaged components:

Caption: Categorising repositories into Low/Medium/High risk buckets, with data filtered from 2019-2022.
28% of source code repositories analysed across some of the largest enterprises in the world are at high or moderate vendor risk. These repositories account for $758 million worth of software development investment.
CIOs are absorbing greater responsibility for key assets within the business as digital transformations progress. Some of the key drivers for CIOs to outsource IT teams include:
However, when a large percentage of source code within a repository is contributed by third parties for extended periods, your enterprise may eventually start to lose product expertise and core competency.

Caption: Trend of technology risk in the repositories considered at overall high or moderate risk. The data is filtered by reporting month from 2019-2022.
In the first half of 2022, we saw a sharp increase in the number of repositories with high technology risk, increasing from 16.34% in November 2021 to 26.4% by May 2022. A small increase was also observed in moderate-risk repositories, which rose from 8.6% in January 2019 to 9.0% in May 2022. The massive spike in high-risk repositories towards the end of May 2022 could result from downsizing or employee resignations.
Performance risk refers to the concerns associated with the discrepancy between the performance of vendor developers compared to internal developers based on productivity and maintainability.
The trend from January 2019 to May 2022 shows that most repositories have moderate performance risk. Data shows many repositories (11.5% on average) moving into moderate risk in January of each year from 2019-2021. This is attributed to lower productivity over late December and early January due to high vacation volumes.
When internal developers are less productive in roles in which vendor developers are performing well, enterprises face higher productivity risk. For every unit change (on the risk scale of 0-10) in overall vendor risk, our model predicts that 17% of this contribution comes from BCE/Day risk.
We provide a SaaS technology that objectively measures software development efficiency. Our core metrics for productivity and code maintainability allow executives to make data-driven decisions related to talent optimization, vendor management, location strategy, and much more.