Though open source software (OSS) helps software suppliers be nimble and
build products faster - report reveals hidden software supply chain risks
all software suppliers and IoT manufacturers should know about.
Key insights in the Flexera Open Source Risk – Fact or Fiction?
-
- No OSS Policy is Bad Policy: Only 37 percent of respondents have an open source acquisition or usage policy.
-
- 63 percent say either their companies don’t have an open source acquisition or usage policy, or they don’t know if one exists.
-
- No One’s in Charge of OSS: 39 percent of respondents said that either no one within their company is responsible for open source compliance – or that they don’t know who is.
-
- OSS Contributors Aren’t Following Best Practices: 33 percent or respondents say their companies contribute to open source projects.
- Of the 63 percent who say their companies don’t have an open source acquisition or usage policy, 43 percent said they contribute to open source projects.
“The only thing worse than being hacked due to a vulnerability you wrote, is being hacked due to a vulnerability YOU didn’t write. Managing your dependencies is your first line of defense against other people’s defects especially in the interconnected open source development world we live in.”
Nisheeth Bhakuni
