Flexera Director of Solutions Engineering David McLoughlin is speaking at the FINOS flagship event, the Open Source Strategy Forum (OSSF), this November 20th in New York City. His talk, "How Not To Be Tomorrow's Headline," warns that even though open source enables organizations to spread their wings, explore, and easily scale solutions that drive true competitive advantage, in the words of Spiderman's uncle, "With great power comes great responsibility." What follows is some primer material for his OSSF talk.
By David McLoughlin
Director, Solutions Engineering - Flexera
In the last decade, the use of open source software (OSS) has changed. A decade or so ago, you knew exactly what was being written and used in your software application development because employees were responsible for building the software and, every once in a while, for managing a few third-party components.
Today, however, is a very different story. Because of the availability of millions of free open source components, the volume of third-party components used has increased significantly. In fact, up to 50% of the code found in commercial software packages is made up of open source or commercial components. Along with that use comes the onus to understand legal, security and compliance obligations. In the banking and finance industry, with regulation and enhanced compliance oversight, and the responsibility of managing sometimes trillions of dollars for customers and stakeholders, it’s critical to have a complete view of OSS use and the inherent associated risks. In other words, make the “great unknown” known.
In the past, vendors like Flexera were often accused of spreading fear, uncertainty and doubt around open source software. But today, more than ever, financial organizations understand that managing open source is about empowering their developers to develop software faster, innovate more and cut time-to-market. Without solid open source management systems in place, approval, adoption, and safe use of third-party components can be hampered, taking away many of the advantages free and open software brings to the market.
Software Composition Analysis solutions are the answer to taking control of your open source software management. In addition to the right technology to help with license compliance and reducing security risks, there are organizational steps you can take to not just manage your vulnerabilities, but take advantage of the benefits provided by OSS, including the cost savings:
- Create an educational program for all levels in the organization
- Develop an Open Source Review Board to set policy
- Establish best practices including knowing and following through on OSS obligations
While managing risks may keep you from being tomorrow’s headline, in the end it is about enabling the overwhelming advantages of open source software in a safe and compliant manner.