How Can We Make Sure We’re Using High-Quality Open Source Components?

Way back in the day (in software production speak that means three years ago), professionals in our ecosystem were still going back and forth about free and open source software vs. proprietary. Which is better? Which is safer? Which will cost you less in the long run?

For the most part, that raging debate has quieted down.

At this point, we can all agree that organizations have a lot to gain by using open source components; the questions keeping many R&D, legal and security teams awake these days are how to stay secure and compliant while doing so.

One aspect that many development teams seem to be marginalizing or even overlooking is an open source component’s quality, and what distinguishes a high-quality component from one that is not.

How can we ensure that the components we are using will provide stability and consistency under pressure?

Looking for Quality in Open Source Components

In a recent webinar with Microsoft and Forrester, WhiteSource polled a group of nearly 200 R&D leaders and influencers from a variety of tech organizations about their open source practices and concerns. One of the questions that we asked participants was what most concerned them about using open source. The results tell us a lot about how the community views priorities regarding open source usage. Nearly 53% said they worry about security issues, 38% said licensing was most concerning, and merely 8% admitted to worrying about quality.

The concern over security is quite understandable, and it’s good to see that application security, prevention, and remediation are on everyone’s mind.

However, it’s not clear why quality is underestimated or even overlooked by so many industry leaders. Does this mean they have complete faith in the open source development community to create only the best …

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Blog – WhiteSource. Read the original post at: