
The potential pitfalls of open source management
2023-02-23 04:00

The findings of the OSSRA report deliver an in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software, with the goal of helping security, legal, risk, and development teams better understand the open source security and license risk landscape.

"An increase in the average number of open source components rising 13% in this year's audits further reinforces the importance of implementing a comprehensive SBOM that lists all open source components in your applications, their licenses, versions, and patch status. This is a foundational strategy towards understanding and reducing business risk by defending against software supply chain attacks," Schmitt continued.

A five-year overview of OSSRA data shows dramatic growth in open source use: The global pandemic contributed to the EdTech sector's adoption of open source, which grew by 163%, with educational courses and instructor/student interactions increasingly pushed online.

Organizations that use open source components with no licenses are at greater risk of violating copyright law than those using licensed components: the report found that 31% of codebases use open source with no discernible license or with customized licenses.

Open source code that has no associated license, or that carries a variant of another open source license, may place undesirable requirements on the licensee and will often require legal evaluation for possible IP issues or other legal implications.
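The SBOM that Schmitt describes and the unlicensed-component risk above are easy to connect in practice: once an SBOM lists every component with its license data, a short script can pull out the components that need legal review. The following is an added example, not code from the report, Synopsys or Help Net Security. It assumes the SBOM is in the CycloneDX JSON shape (components with a `licenses` list holding either `license.id`, `license.name` or an SPDX `expression`), uses a deliberately tiny allow-list of SPDX identifiers, and runs over a constructed sample SBOM embedded inline.

```python
import json
import re

# Constructed sample SBOM in CycloneDX JSON shape; the components and
# licenses are invented for this example, not taken from any audit.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": "left-pad", "version": "1.3.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        # No license field at all: the "no discernible license" case.
        {"name": "legacy-util", "version": "0.9.2"},
        # A named (non-SPDX) license: the "customized license" case.
        {"name": "vendor-lib", "version": "2.1.0",
         "licenses": [{"license": {"name": "Acme Internal License v2"}}]},
        # Dual license expressed as an SPDX expression.
        {"name": "dual-lib", "version": "4.0.1",
         "licenses": [{"expression": "Apache-2.0 OR GPL-3.0-only"}]},
    ],
})

# Demo allow-list only; a real check would load the full SPDX license list
# (and the exception list, so "WITH" clauses are not flagged as custom).
KNOWN_SPDX = {"MIT", "Apache-2.0", "BSD-3-Clause", "ISC",
              "GPL-2.0-only", "GPL-3.0-only"}
SPDX_KEYWORDS = {"AND", "OR", "WITH"}


def classify_component(component):
    """Return 'no-license', 'custom-license' or 'declared' for one component."""
    licenses = component.get("licenses") or []
    if not licenses:
        return "no-license"
    for entry in licenses:
        if "expression" in entry:
            # Split the SPDX expression into identifiers, dropping operators
            # and parentheses, and require every identifier to be known.
            tokens = re.split(r"[\s()]+", entry["expression"].strip())
            ids = [t for t in tokens if t and t.upper() not in SPDX_KEYWORDS]
            if any(t not in KNOWN_SPDX for t in ids):
                return "custom-license"
        else:
            lic = entry.get("license", {})
            # A bare "name" without an SPDX "id" is treated as a custom license.
            if lic.get("id") not in KNOWN_SPDX:
                return "custom-license"
    return "declared"


def audit_sbom(sbom_json):
    """Group every component of the SBOM by its license classification."""
    sbom = json.loads(sbom_json)
    findings = {"no-license": [], "custom-license": [], "declared": []}
    for comp in sbom.get("components", []):
        label = f"{comp.get('name', '?')}@{comp.get('version', '?')}"
        findings[classify_component(comp)].append(label)
    return findings


def needs_legal_review(findings):
    """Components with no license or a non-SPDX license, sorted for reporting."""
    return sorted(findings["no-license"] + findings["custom-license"])


if __name__ == "__main__":
    result = audit_sbom(SAMPLE_SBOM)
    for category, names in result.items():
        print(f"{category:15s} {', '.join(names) or '-'}")
    print("needs legal review:", needs_legal_review(result))
```

The allow-list approach is intentionally strict: anything that is not a recognised SPDX identifier lands in the review queue, which mirrors the report's point that unlicensed or customised licenses are the cases that need a human legal evaluation rather than an automated pass.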

"The key to managing open source risk at the speed of modern development is maintaining complete visibility of application contents," said Mike McGuire, senior software solutions manager within the Synopsys Software Integrity Group.


News URL

https://www.helpnetsecurity.com/2023/02/23/open-source-management/