Although open source software (OSS) can help software vendors build products more flexibly, we believe that both software vendors and IoT manufacturers need to understand the risks hidden in the software supply chain. So why don't we recommend it to businesses without reservation?

Known risks

For example, the Apache Struts vulnerability CVE-2017-5638 could be exploited by criminals to gain access to Equifax customers' personal data. Apache Struts, as you know, is a widely used open-source web application framework that companies use to receive and serve business data in their internal systems. In the end, vulnerabilities in this open-source component made it a prime target for cyber attacks.

Main findings

According to a new Flexera report, 50 percent of the code found in commercial and IoT software products is open source. Yet only 37 percent of respondents said they acquired and used open source software; 63 percent said they did not acquire or use open source software, or did not even know it was present.

Few people are responsible for the security of that open source software: 39 percent of respondents said that no one in their company is responsible for the security of open source software, or that they do not know who is responsible.

In addition, contributors to open source software do not follow best practices: 33 percent of respondents said their companies have contributed to open source projects. However, 63 percent of respondents said their company has no open source procurement or use policy at all, and 43 percent said they themselves contribute to open source projects.

Either way, we cannot ignore that open source is an obvious shortcut. Jeff Luszcz, VP of Product Management at Flexera, said:

"Fully open source and accessible code enables quick access to products, which is important for the fast pace of software development. However, most software engineers do not track the use of open source in private, and the vast majority of software executives are unaware of gaps in security/compliance risks."

In fact, the security compliance, licensing and other procedures for using open source software may seem like extra overhead compared with simply using it, but they are absolutely essential.

"Open source software security compliance processes can protect product and brand reputations. But most software and IoT vendors don't realize there's a problem, so they're not protecting themselves and their customers," Luszcz said. "Vendors who expose product compliance and vulnerability risks, and customers who have no idea they are running open source and other third-party software that may even contain vulnerabilities, can compromise the entire software supply chain."

Huidu Control provides licensed versions of more than a thousand software products, giving your enterprise full security coverage and a risk-free return on a minimal investment.
