Many open source management practices are ineffective, resulting in unnecessary risk, too much work and undue cost, survey finds
A recent WhiteSource survey of over 120 R&D managers, information security managers, legal experts and compliance professionals examined how companies manage open source with regard to license risks and compliance, as well as security vulnerability management.
The research shows that while virtually all developers use open source extensively, and while most companies spend substantial resources on managing their open source inventory (often implicitly), this effort is largely ineffective, resulting in unnecessary risk, as well as too much work and undue cost.
“The numbers reported in our survey are probably skewed upward quite substantially because they were taken from companies that exhibit interest in this subject. Many companies spend significant efforts tracking open source usage. These efforts are usually manual and laborious, done by the wrong people (developers), often at the wrong time (in the crunch of a release or OEM/M&A transaction), and are therefore very expensive and extremely ineffective. Most importantly, judging by the results, they simply do not do the job.” said Rami Sass, Co-Founder and CEO of WhiteSource.
“New technologies such as WhiteSource make it easy to continuously track open source usage, and automatically enforce licensing and security policies. WhiteSource plugs into the build server and becomes a native part of the software development lifecycle without burdening developers. New open source modules are discovered as soon as they are added by developers. Their licenses (and those of all of their dependencies) are automatically compared to the company licensing policies, initiating the appropriate approve/reject workflow if necessary. WhiteSource continues to track each open source in use, and will proactively notify each project manager in case of new vulnerabilities or patches”. He added
WhiteSource provides easy-to-use solutions for managing the usage of open source components by developers,to ensure license compliance and reduce security and quality risks.
WhiteSource easily plugs itself into the software development lifecycle, and automatically detects new open source components as soon as they are being entered by developers. Thereafter, WhiteSource continuously provides (1) comprehensive and up-to-date open source inventory reports (down to the last dependency); (2) license risks analysis and compliance reports; and (3) proactive alerts on security vulnerabilities whenever discovered, as well as available fixes.
WhiteSource is easy to setup, requires no training to use, and completely removes the burden from developers. The service is affordable to companies of all sizes. For more information, visit: www.whitesourcesoftware.com.