Many of today’s hottest new enterprise technologies are centered around open-source technology. The software industry used to be one where almost every line of code was home grown. Today over half of a software product is open source – developed outside the organization.
As 143 million Equifax consumers continue to pick up the pieces from stolen Social Security numbers and other personal information, the lack of security and compliance practices around open source software assets is in the limelight once again. Flexera surveyed over 400 software suppliers, Internet of Things (IoT) manufacturers and in-house development teams to publish its Open Source Risk – Fact or Fiction? report. Though open source software helps software suppliers be nimble and build products faster – the report reveals hidden risks all software suppliers and IoT manufacturers should know about.
Open source code is everywhere, but do you know the risk?
While as much as 50 percent of all code found in commercial and IoT software products is open source, according to the report:
- No OSS Policy is Bad Policy: Only 37 percent of respondents have an open source acquisition or usage policy.
- No One’s in Charge of OSS: 39 percent of respondents said that either no one within their company is responsible for open source compliance – or that they don’t know who is.
- OSS Contributors Aren’t Following Best Practices: 33 percent or respondents say their companies contribute to open source projects.
“We can’t lose sight that open source is indeed a clear win. Ready-to-go code gets products out the door faster, which is important given the lightning pace of the software space,” said Jeff Luszcz, Vice President of Product Management at Flexera. “However, most software engineers don’t track open source use, and most software executives don’t realize there’s a gap and a security/compliance risk.”
Report takeaway for software and IoT companies? Your processes for managing open source security and licensing haven’t kept pace with open source’s rapid adoption – and it’s putting you and your customers at risk.