True! But they come with an attached license that requires their users to adhere to certain terms and conditions. A license can be simple and permissive (there is even one called the WTFPL, the What The F*** You Want Public License), but other licenses impose significant restrictions on how an open source component may be used, redistributed or combined with your own code.
False! Open source is just like any other software: it has bugs and security vulnerabilities. The nice thing about open source is that there is a community behind it, using it, testing it and releasing patches and new versions. What you have to do is make sure you learn about these vulnerabilities in time, and know which versions you are running so you can tell whether you are affected.
False! As long as you manage your open source components properly, that is, know exactly what you are using, keep track of security vulnerabilities and new versions, and do what the license terms require, open source can be used safely.
False! The tricky part is listing dependencies. Transitive dependencies are open source components pulled in by other open source components. Most organizations can list the components they use directly, but it is almost impossible to track by hand all the components those components rely on, and the ones those rely on in turn. The vulnerable component is often several levels down the tree, in a package nobody chose deliberately.
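The two points above, knowing about vulnerabilities in time and reaching the components you did not list yourself, are what a dependency audit does. The following is an added example, not code from the original article: it walks a constructed, fictional lockfile (package names, versions and the dependency graph are all invented), resolves the transitive tree from the declared direct dependencies, and checks every resolved component against a constructed advisory list written in the shape of an OSV-style affected range (vulnerable from `introduced` up to but not including `fixed`). The advisory IDs are placeholders, not real identifiers.

```python
from collections import deque

# Constructed, fictional lockfile: package -> (pinned version, packages it depends on).
# All names and versions are invented for this example.
LOCKFILE = {
    "web-framework":   ("3.2.0", ["template-engine", "http-client"]),
    "http-client":     ("2.25.1", ["url-parser", "cert-bundle"]),
    "template-engine": ("2.11.3", []),
    "url-parser":      ("1.26.4", ["idna-lib"]),
    "cert-bundle":     ("2021.5.30", []),
    "idna-lib":        ("2.10", []),
}

# Packages the project declares directly; everything else is a transitive dependency.
DIRECT_DEPENDENCIES = ["web-framework", "http-client"]

# Constructed, fictional advisories in an OSV-style half-open range:
# versions >= introduced and < fixed are vulnerable. IDs are placeholders.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "url-parser",  "introduced": "1.26.0", "fixed": "1.26.5"},
    {"id": "EXAMPLE-0002", "package": "http-client", "introduced": "2.20.0", "fixed": "2.25.0"},
]


def parse_version(version):
    """Turn '1.26.4' into (1, 26, 4) so versions compare numerically, not as strings
    (a string comparison would wrongly put '1.26.10' below '1.26.9')."""
    return tuple(int(part) for part in version.split("."))


def resolve_transitive(direct, lockfile):
    """Breadth-first walk of the dependency graph starting from the direct dependencies.
    Returns {package: (version, depth, path)}; depth 0 means a direct dependency.
    A package already resolved is skipped, which also terminates dependency cycles."""
    resolved = {}
    queue = deque((name, 0, [name]) for name in direct)
    while queue:
        name, depth, path = queue.popleft()
        if name in resolved:
            continue
        if name not in lockfile:
            raise KeyError(f"{name} is required by {' -> '.join(path[:-1]) or 'the project'} "
                           "but has no pinned version in the lockfile")
        version, deps = lockfile[name]
        resolved[name] = (version, depth, path)
        for dep in deps:
            queue.append((dep, depth + 1, path + [dep]))
    return resolved


def is_affected(version, advisory):
    """True when version lies in [introduced, fixed)."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def audit(direct, lockfile, advisories):
    """Match every resolved component, direct or transitive, against the advisory list.
    Each finding records how the vulnerable package got into the tree."""
    findings = []
    for name, (version, depth, path) in resolve_transitive(direct, lockfile).items():
        for adv in advisories:
            if adv["package"] == name and is_affected(version, adv):
                findings.append({
                    "id": adv["id"],
                    "package": name,
                    "version": version,
                    "fixed": adv["fixed"],
                    "transitive": depth > 0,
                    "path": " -> ".join(path),
                })
    return findings


if __name__ == "__main__":
    for f in audit(DIRECT_DEPENDENCIES, LOCKFILE, ADVISORIES):
        kind = "transitive" if f["transitive"] else "direct"
        print(f"{f['id']}: {f['package']} {f['version']} ({kind}, via {f['path']}); "
              f"upgrade to {f['fixed']}")
```

In this constructed data the directly declared `http-client` is already on a fixed version and produces no finding, while `url-parser`, which nobody listed, is vulnerable two levels down; the recorded path tells you which direct dependency to bump to pull in the fix. A real audit replaces the inline lockfile and advisory list with the project's actual lockfile and a feed such as a vulnerability database, but the resolution and range-matching logic is the same.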
False! Open source component management can and should be done for every programming language, including C/C++, C#, Ruby, Python and others; the package ecosystems differ, but the need to inventory components, track their vulnerabilities and comply with their licenses does not.