Maintaining Products having Open Source components

Open Source Software (OSS) components are used in almost every piece of software nowadays. They give us the flexibility to choose, and they reduce development time and effort.

The flip side of using an OSS component is that it may have security vulnerabilities, which make the application that uses it vulnerable to the same threats.

Apart from vulnerabilities, each OSS component comes with its own license, which is mostly free for commercial use. But some components come with licenses that may force you to publish your own code as open source if you consume their component, which most commercial software providers do not intend to do. The license also dictates the terms of its use, so the consuming software must comply with them.

And finally, the OSS component itself may be built from other OSS components, so vulnerabilities in those dependencies may affect the main component as well. It is important that the OSS component itself is maintained properly.

In order to maintain products or components that use Open Source Software, it is important to keep track of the OSS components and the vulnerabilities in them. Components with security vulnerabilities should be updated to the latest (fixed) version. The license of each OSS component should be checked and complied with.
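The three concerns above (vulnerable components, transitive dependencies, and license terms) can be checked together from a single component inventory. The script below is an added example, not code from the original post: it walks a constructed dependency graph for a shipped product, flags any component at any depth whose version falls in a known affected range, reports the version that carries the fix, and checks each license against a simple allow-list with copyleft licenses marked for review. All component names, versions, vulnerability identifiers and the license policy are constructed for the example; the identifiers are placeholders, not real CVEs.

```python
"""Minimal software-composition check over a constructed component inventory.

Added example, not the original post's code. The inventory, vulnerability list
and license policy below are all constructed for illustration.
"""
from dataclasses import dataclass, field


def parse_version(v):
    """Turn '1.2.10' into (1, 2, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


@dataclass
class Component:
    name: str
    version: str
    license: str
    depends_on: list = field(default_factory=list)  # names of direct dependencies


# Constructed inventory: the product we ship plus the OSS components it pulls in.
INVENTORY = {
    "webapp":       Component("webapp", "2.0.0", "Proprietary", ["http-lib", "json-lib"]),
    "http-lib":     Component("http-lib", "1.4.2", "MIT", ["compress-lib"]),
    "json-lib":     Component("json-lib", "3.1.0", "Apache-2.0"),
    "compress-lib": Component("compress-lib", "0.9.1", "GPL-3.0-only"),
}

# Constructed vulnerability list: (component, first affected, first fixed, id).
# The affected range is [affected_from, fixed_in); ids are placeholders, not real CVEs.
VULNS = [
    ("compress-lib", "0.0.0", "0.9.5", "EXAMPLE-VULN-0001"),
    ("json-lib",     "3.0.0", "3.0.4", "EXAMPLE-VULN-0002"),
]

# Constructed license policy: allow-listed licenses pass, copyleft ones need review.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause", "Proprietary"}
COPYLEFT_LICENSES = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}


def transitive_deps(root, inventory):
    """Return every component reachable from root, direct and transitive."""
    seen, stack = set(), [root]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        stack.extend(inventory[name].depends_on)
    seen.discard(root)
    return seen


def find_vulnerable(inventory, vulns):
    """Map component name -> [(vuln_id, fixed_in)] for versions inside an affected range."""
    findings = {}
    for name, affected_from, fixed_in, vuln_id in vulns:
        comp = inventory.get(name)
        if comp is None:
            continue
        v = parse_version(comp.version)
        if parse_version(affected_from) <= v < parse_version(fixed_in):
            findings.setdefault(name, []).append((vuln_id, fixed_in))
    return findings


def check_licenses(inventory):
    """Return component name -> verdict for every license not on the allow-list."""
    verdicts = {}
    for name, comp in inventory.items():
        if comp.license in ALLOWED_LICENSES:
            continue
        verdicts[name] = "copyleft: review" if comp.license in COPYLEFT_LICENSES else "unknown: review"
    return verdicts


def report(root, inventory, vulns):
    """Combine the checks for one shipped product, restricted to what it actually depends on."""
    deps = transitive_deps(root, inventory)
    vuln = {n: f for n, f in find_vulnerable(inventory, vulns).items() if n in deps}
    lic = {n: v for n, v in check_licenses(inventory).items() if n in deps}
    return {"transitive_deps": sorted(deps), "vulnerable": vuln, "license_review": lic}


if __name__ == "__main__":
    r = report("webapp", INVENTORY, VULNS)
    for n, findings in r["vulnerable"].items():
        for vuln_id, fixed_in in findings:
            print(f"{n}: {vuln_id} -> upgrade to {fixed_in}")
    for n, verdict in r["license_review"].items():
        print(f"{n}: {verdict}")
```

Note that `compress-lib` is not a direct dependency of `webapp` at all; it only enters through `http-lib`, yet it is the component that carries both the vulnerability and the copyleft license, which is exactly why the inventory has to be walked transitively rather than stopping at the first level. Versions are compared as integer tuples so that `0.9.10` correctly sorts after `0.9.5`; a plain string comparison would get that wrong.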

Many companies use OSS components, but very few are aware of the concerns around them. Once we start acknowledging those concerns and taking steps to track them to closure, the benefits of using OSS certainly outweigh the effort of maintenance.
