Open source use isn’t risky, but unmanaged use of open source is.
Open source software forms the backbone of nearly every application in every industry. Chances are that includes the applications your company develops as well. If you can’t produce an accurate inventory of the licenses, versions, and patch status of the open source components in your applications, it’s time to assess your open source management policies.
This paper provides insights and recommendations to help organizations and their development and IT teams better manage the open source risk landscape. It covers:
- Open source license risk and the need to identify and catalog open source licenses.
- Security risk that comes with open source use and inadequate vulnerability management.
- Operational open source risk, version control, and the dangers of using inactive components.