Regardless of the industry your business operates in, software is likely all around it. Software powers our cars, airplanes, and even the medical devices we rely on to diagnose and treat illness.

Software makes once-impossible things possible and once-difficult things easier. Software helps businesses in the oil and gas industries remove the guesswork and reduce the cost of finding new deposits; it helps patients safely and automatically inject life-saving medications like insulin.

The software we use today is more complex and more connected than ever before. The Chevy Volt electric automobile has 10 million lines of software code, which actually isn’t all that much compared to many new cars (as we’ll see later) but it’s significantly more than the 1.7 million lines of code in the F-22 Raptor fighter aircraft.

Software security, or rather the lack thereof, has become commonplace and an all too frequently recurring story in print and electronic media around the world. Just a single incident, such as the Target breach, which affected over 100 million people and cost Target an estimated $300 million, has the power to propel the subject of security from the world of IT professionals into the conversations of everyday people. Of course, there have been many incidents, pre- and post-Target. TJ Maxx, P.F. Chang’s, JPMorgan Chase, Snapchat, eBay, Home Depot, Staples... the list goes on and on and includes public, private, and government organizations.

While there’s no doubt that open source software (OSS) is here to stay, that doesn’t mean that developers can feel free to use all and any open source software components with no thought to the vulnerabilities and security issues they may introduce into their development projects. The fact is, there’s no such thing as bulletproof, bug-free, automatically license compliant, and easily auditable software. Not in the open source world and not in the commercial off the shelf (COTS) world.