Used by developers around the world, open source components make up 60%-80% of the codebase in modern applications. Open source components are downloaded thousands of times per day to create applications for organizations of varying sizes and across all industries.
But despite the continuously growing adoption, there are still myths to dispel and concerns to mitigate around the usage of open source components in commercial software. The following is a list of the top concerns associated with open source usage and how to overcome each of these stumbling blocks:
#1 Open Source is Not Secure
Though progressively less of a concern to software executives and developers, there are still those in the non-development space who fear that open source's lack of strong central management leads to less secure code. They worry about the way open source projects are managed, about the lack of tools to ensure proper vulnerability detection, and about ill-managed code review processes. Some view the abundance of vulnerabilities that go unnoticed in open source projects as testament to the lack of a "mother and father" to bear responsibility for the code, which places too big a burden on the shoulders of adopting organizations.
Mostly Fiction: Let's be very clear here, open source code is as secure or as insecure as proprietary code. It's all a matter of how it is used and managed.
The one valid concern about open source security is that once a vulnerability is found in an open source component it becomes public knowledge and is at the fingertips of hackers to abuse. A proper monitoring system that notifies of vulnerabilities in real time and allows for quick and effective remediation takes the sting right out of the "unsafe" claims and makes it much harder for hackers to attack.
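To make the "monitoring system" concrete, here is an added example (not code from the original post or from WhiteSource) of the core check such a system performs: match each pinned dependency in a project manifest against an advisory feed and propose a remediation. The package names, advisory identifiers and version ranges below are constructed for illustration; a real tool would read the project's lockfile and pull advisories from a live database, and the version-range semantics (first affected version inclusive, first fixed version exclusive) are an assumption modelled on OSV-style feeds.

```python
"""Minimal dependency-vulnerability check in the style of an SCA tool.

Constructed example: the advisory feed and the dependency manifest below are
made up for illustration. Real tooling reads the project's lockfile and pulls
advisories from a live feed; the "introduced"/"fixed" range semantics used here
are an assumption modelled on OSV-style data.
"""
from dataclasses import dataclass
from typing import Optional


def parse_version(v: str) -> tuple:
    """Turn '1.4.10' into (1, 4, 10) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in v.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str          # placeholder id, not a real CVE/GHSA number
    package: str
    introduced: str           # first affected version (inclusive)
    fixed: Optional[str]      # first fixed version (exclusive); None = no fix released yet
    summary: str

    def affects(self, version: str) -> bool:
        """True if `version` falls inside [introduced, fixed)."""
        v = parse_version(version)
        if v < parse_version(self.introduced):
            return False
        if self.fixed is not None and v >= parse_version(self.fixed):
            return False
        return True


# Constructed advisory feed (hypothetical packages and ids).
ADVISORIES = [
    Advisory("EXAMPLE-2023-0001", "acme-json", "1.0.0", "1.4.3",
             "unsafe deserialisation of nested objects"),
    Advisory("EXAMPLE-2023-0002", "acme-json", "2.0.0", "2.1.1",
             "stack exhaustion on deeply nested input"),
    Advisory("EXAMPLE-2023-0003", "widget-http", "0.9.0", None,
             "header injection via unvalidated CRLF"),
]


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    advisory_id: str
    remediation: str


def check_dependencies(manifest: dict, advisories=ADVISORIES) -> list:
    """Match each pinned dependency against the feed and propose a remediation.

    Returns one Finding per (dependency, matching advisory) pair, in manifest
    name order, so the same check can be re-run on every feed update.
    """
    findings = []
    for package, version in sorted(manifest.items()):
        for adv in advisories:
            if adv.package != package or not adv.affects(version):
                continue
            if adv.fixed is None:
                # No upstream fix: the component has to be mitigated or replaced.
                remediation = "no fixed release yet: mitigate or replace the component"
            else:
                remediation = f"upgrade to {adv.fixed} or later"
            findings.append(Finding(package, version, adv.advisory_id, remediation))
    return findings


# Constructed manifest, i.e. what a lockfile would resolve to.
MANIFEST = {
    "acme-json": "1.2.0",     # inside the first affected range
    "widget-http": "1.1.0",   # affected, and no fix is available
    "left-trim": "3.0.1",     # no advisory at all
}

if __name__ == "__main__":
    for f in check_dependencies(MANIFEST):
        print(f"{f.package}=={f.version}: {f.advisory_id} -> {f.remediation}")
```

The design point is that the check is a pure function of (manifest, feed): re-running it on every feed update is what turns a one-off audit into the continuous notification the paragraph describes, and the unfixed-advisory branch is the case where remediation means mitigation rather than an upgrade.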
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Anat Richter. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/6-open-source-software-security-concerns-dispelled