Manage open source software licenses to reduce risk

Marilyn Villiers
March 24, 2020 Big Data, Cloud & DevOps

While open source isn’t inherently riskier than proprietary code, open source software can become a vulnerability when it isn’t managed properly. 

So said Brent Pietrzak, senior VP and general manager of the supplier division at Flexera, an open source software scanning, installation and monetisation company, commenting on the launch of the company’s 2020 State of Open Source License Compliance report.

Noting that open source usage continues to grow, he emphasised the importance of software suppliers, their stakeholders, partners and customers knowing exactly what and how much open source is in use.

To give an indication of just how fast open source usage is increasing, Red Hat’s 2020 State of Enterprise Open Source report (based on 950 interviews with IT leaders worldwide, including non-Red Hat customers) found that 77% were planning to increase their use of enterprise open source software, up from 59% in the previous year’s survey.

At the same time, proprietary software adoption was declining. Only 42% of respondents reported using proprietary software, down from 55% the year before – and Red Hat anticipates that this will decline further to 32% in the next two years.

“Maybe it doesn’t surprise you that proprietary software is losing favour – expensive and inflexible proprietary software licenses result in high capital expenditures and vendor lock-in. However, the rate at which organisations are abandoning proprietary software is notable, especially given how slowly change usually comes to the enterprise software space,” Gordon Haff, a technology evangelist at Red Hat wrote in the report.

Under-reported open source usage

According to Flexera, open source users often under-report open source usage, resulting in licence compliance issues and vulnerabilities being present in their applications. 

Its latest report is based on an evaluation of 121 audit projects involving 2.6 billion lines of code from around the world. This uncovered over 80 000 issues. Compared to its 2019 report, the average number of issues per project jumped over 80%, with one issue discovered for every 32 600 lines of scanned code.

Only one percent of the issues that were uncovered during the audit process were disclosed to the Flexera audit team prior to the start of the audit.

In addition, 17% of the issues were rated Priority 1 – issues that pose a critical threat that requires immediate remediation.

“The increase in the number of issues uncovered per audit project, as compared to 2019 data, emphasises the value of having a formal open source management strategy for the entire supply chain,” Pietrzak said.

Part of managing open source software risk is managing licence compliance.

“The governance of open source licensing is key to a healthier and more secure application development lifecycle. It is not in anyone’s best interest to contradict the licence terms associated with open source and inadvertently expose the company to a higher potential for risk,” wrote the authors of the Flexera report. 

Organisations need to implement policies and processes to track what they use, understand their legal obligations for using code, and have a more complete picture of their state of open source license compliance and security, the report concludes.
