Open source software (OSS) gives access to a never-ending amount of external development resources. Developing any application, it is simply more efficient to reuse building blocks from others than having to write everything yourself - a necessity for most organisations.
Businesses should see the open source they depend on as a valuable resource - that requires management.
Using OSS to build applications allows access to additional developer resources and expertise that wouldn’t otherwise be available. The downside - you have no direct influence over the persons behind the component or their actions. And there is no reason to blindly trust them.
For internal development resources the norm is to spend time and money hiring the best candidates and continuously invest in their skills and performance.
Businesses need to echo some of that effort spent finding the right in-house talent into safe use of open source - instead of taking it for granted.
If you’re not working with software development or open source in your day-to-day work, then perhaps the analogy in the title is not self-explanatory. Not to worry, let’s walk through it.
Today there is no need to start from scratch every time you are to deliver a feature. There are millions of already finished components ready to be used - and they are only a few letters on the keyboard away from being nested in your application and inside your environments.
What makes something open source is that the source code for all these components is freely available to everyone and anyone, to view, duplicate, work on etc. That means that as long as you adhere to licenses of components, you can use them in your applications to serve your needs.
- 99% of projects use open source components to some extent.
- An astonishing 70% of all code used to run applications are open source.
When your application utilize external dependencies you’ll depend on developers who you can exert no direct control over. Without control, how do you know whether the open source components in your codebase are being maintained and adhere to your security guidelines?
Core components of your business are probably relying on components that your dev team has never reviewed or seen the insides of.
Let that sink in. Eye opening, isn’t it?
And to be clear, open source is a positive thing. We wholeheartedly support it and use it every day in our own apps. But like most things in life it needs some safeguards to make sure everyone is playing by the rules.
Using a particular open source component extensively? Consider supporting it! Sponsor, buy the developers some coffee or spend some development time on improving it.
Not everyone can be an expert - and fortunately you don’t have to be. Committing to safe use of open source can be as simple as supporting the right process and tools for your organisation. Tooling that:
- Keeps track of the open source software used
- Identifies for security threats - and keeps potential issues out
- Highlights issues early- for easier and more cost-effective remediation
Bytesafe identifies all the components your team is using and keeps track of them for you. Your supply chain is kept secure as part of the firewall where threats are automatically quarantined. And all issues are highlighted for you - accessible to all team members.
Thanks for reading!