Best Practice: Open Source Risk Management

Application producers have made great strides over the years improving quality, efficiency, and time to market. Product teams today are more agile and productive than ever before. These teams continually learn which processes work best and integrate these practices into the software product lifecycle.

As software development has evolved, so too has the use of open source software (OSS). Research has revealed that more than 50% of the code found in most commercial software packages shipped today is open source. But many software vendors are aware of less than 10% of the OSS they use in their products.

We’ve all heard the stories about software products that had to be pulled right before they shipped. Or the undiscovered software security vulnerability that put millions of users at risk. It’s time to adopt best practices around OSS that expose these security and IP compliance risks up front.

How Can I Improve?

If you’re using InstallShield or InstallAnywhere to build your installations, you can help prevent issues by adding FlexNet Code Aware into your process. Designed for software developers, FlexNet Code Aware is an automated open source risk assessment and package discovery solution that enables you to scan your products for security and intellectual property (IP) compliance risk.

By making FlexNet Code Aware a standard part of your build process, you will:

  • Perform automated scans of your products in seconds
  • Identify open source and third-party packages and your level of operational risk
  • Set the foundation for a vulnerability-free build and a smooth, error-free installation

How Does It Work?

After you run your scan with FlexNet Code Aware, you are quickly provided with operational risk indicators including the number of open source packages identified with security vulnerabilities, intellectual property license compliance issues, and packages with copyright statements. You will also receive guidance for remediation of issues.

Because FlexNet Code Aware is an add-on to InstallShield or InstallAnywhere, system requirements are identical. Additionally, JRE8 is required for the FlexNet Code Aware scan.

As with any best practice, you will be able to get ahead of risks before they become issues.

What Else Can I Do?

To further reduce your risk, consider expanding the scope of analysis begun with FlexNet Code Aware to include all the files in your codebase (source, binaries, media and others). FlexNet Code Insight provides an end-to-end system for development, legal and security teams to set and manage policies for use of open source and third-party software.

It includes in-depth analysis, from package discovery to deep forensic analysis of source and embedded OSS and third-party content in binary files. With FlexNet Code Insight, you can quickly and continuously identify your open source use across all your products for ongoing security and risk management.

Get started with a free limited scan.


InstallShield® is the industry standard for development teams creating installers for Windows desktops, servers, and cloud platforms, and helps to prepare applications for emerging technologies like the Windows Store and Nano Server. Over 100,000 developers around the world trust InstallShield to develop EXE and MSI installers, create Universal Windows Platform (UWP) and Windows Server App (WSA) packages, and virtualize their applications with minimal scripting, coding, or rework. Get your free trial of InstallShield today or contact us for more information.

InstallAnywhere is the leading multiplatform development solution for application producers who need to deliver a professional and consistent cross installation experience for physical, virtual and cloud environments. From a single project file and build environment, InstallAnywhere creates reliable installations for on-premises platforms – Windows, Linux, Apple OS X, Solaris, AIX, HP-UX, and IBM iSeries – and enables you to take existing and new software products to a virtual and cloud infrastructure and build Docker containers. Get your free trial of InstallAnywhere or contact us for more information.
