Open Strategizing: Key Considerations for an Open Source Strategy

As with most technological advances that were once new on the scene, the story of open source’s rising star has its origins in academic and community ideas of resource sharing. It grew out of the old-school hacker ethos of collaborative production and free access to code, which boldly went against the grain of proprietary code creation. Brave developers “ventured west”, tapping into the unknown terrain of third-party contribution and integrating it into the holy grail of their proprietary code.

The open-source-first movement turned a corner somewhere circa 2015, establishing itself as an industry standard adopted by large corporations like Google and Facebook, which chose to engage more broadly with the open source community to make their products more robust. By 2018 it is unarguably the default choice of software production.

As with any project that matures to obtain mainstream status, the open source community needed to adopt a new approach that would fit its growing popularity. A “grown up” approach meant that a strategy needed to be established for the use of open source, as well as ways to monitor the components used, track bugs in the code, and offer fixes.

These days development teams are under orders to create a strategy for their open source usage to keep their products secure and compliant. They need to establish a policy that encompasses all aspects of open source usage, from selecting components, through integration with their proprietary code, to bug detection and license management.

No longer lone cowboys choosing open source components seemingly at random, with no regard for checking vulnerabilities or whether they were using the right licenses, no deep dive into dependencies, no strings attached: companies across all industries are ushering in the age of the “Open Source Programs Offices” that (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Anat Richter. Read the original post at: