There’s no debate about the value of using open source software (OSS) when building new business applications—cost, flexibility, quality and ease of use, to name a few—but its use comes with legal obligations and security vulnerabilities that can pose significant risks to organizations. To effectively pre-empt such risks, proactive OSS management is essential. To this end, conducting an audit of the use of OSS code can help companies get a handle on the emerging risk areas.
The typical, modern software application is comprised of more than 50 percent open source code, while at the same time, surveys show that the vast majority of teams disclose no open source use. This disconnect between the industry’s major dependency on OSS and the lack of knowledge of the OSS in use leads to two types of risks. The first is a security risk due to potential vulnerabilities that have been introduced through the use of a third-party component. The second is the legal risk of not following the compliance obligations present in the same software.
