Top 3 Open Source Risks and How to Beat Them – a Quick Guide

In the olden days, organizations were wary of using open source code when developing software products. Their legal teams didn’t want to deal with open source licensing and copyright chaos. Execs looking at the bottom line were extremely averse to the combination of the words “free” and “software” when it came to selling their wares, terrified at the prospect of letting the general public glimpse behind the curtain and see what ingredients went into their secret sauce.

We’ve come a long way since then. Open source software components are part of practically every development team’s standard practice and of most organizations’ offerings to their customers, across all industries and verticals. The numbers speak for themselves: today, open source software components comprise between 60% and 80% of most organizations’ code base.

Keeping Your Open Source Software Components Risk-Free

As much as we love the benefits of using open source software components, they still come with risks. Let’s be honest, proprietary software has its own set of issues, but we’re here to better understand open source risk.

In order to ensure the security, quality, and compliance of the open source components that we use, and ultimately of the products that we ship, we must understand the risks that come with open source software usage and the measures we need to take to avoid them.

Open source components are available on numerous online repositories, and developers have no built-in way of knowing their level of quality or safety. When organizations don’t invest in managing their open source usage, they put themselves at risk, and might end up paying for it down the road, when fixing mistakes becomes far more costly.

Open source software usage presents legal, engineering, and security challenges, and when organizations aren’t on top of the quality (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Patricia Johnson. Read the original post at: