“Expand Left” for Open Source Control in Change Environments

Before I get on with it, let me say that it is my sincerest hope that everyone is safe and managing as best as possible in a world turned upside down. Flexera has an amazing team and along with employee care, we are committed to maintaining customer focus. We are here for you.

We live in an era where adaptability is the new competitive advantage. The current environment is certainly an example where what companies do now to prepare for the future could make all the difference.

Change is – most certainly – inevitable. Some of the most successful software development companies at managing change have governance mechanisms such as processes and/or technology in place to serve as an enabler of change. And no infrastructure team is immune, including security and software engineering teams.

Immense times of transformation may call for a broader approach to devops security and open source license management, and a more modern environment that serves both the needs of the business as well as the developer in the trenches.

To support the business in change environments and maintain transparency and control of open source components, development teams can take what my colleague Alex Rybak, Director of Product Management, likes to call as an “expand left” approach. You’ve undoubtedly heard of “shift left” – scan software early in the development process to, shall we say, get a jump on finding and preventing issues. “Expand left” is the same concept, except that it’s not just a move to analyze software early, but to shift the focus to scan both early and often. Why?

Developer Focus

When it comes time to “right the ship” it’s all hands on deck. Strategy is set by leadership, but it’s up to infrastructure teams like engineering and security to decide how they will operate to execute and deliver on that strategy. Having the right tools and processes in place to enable developers to do what they do best and focus on high value projects that meet customer and business needs should be a priority. An “expand left” methodology sets them up for success throughout the development pipeline to manage open source security and license management. The sooner issues and vulnerabilities are identified the better, and then maintain that integrity throughout. Automating that process reduces manual efforts and allows developers to get to the business of innovating.

Manage Costs, Quality, and Security

It costs less to find and remediate issues early. One stat I saw from The Economic Impact of Inadequate Infrastructure for Software Testing noted a 10X increase in the costs of fixing problems post-release than if identified early in the development pipeline. Costs increased linearly over the application lifecycle.

Identifying issues early and managing software component issues throughout the process is more cost effective, produces higher quality applications, and more secure solutions.

One note? Open source ages like milk – not wine – so monitoring post review is just as important, again supporting the “engage left” approach to scan, monitor, and fix throughout the process.

Next Steps

“The only thing constant is change.” Can’t say it enough. It’s how we flex, shift and prepare for change that separates us from everyone else.

  • Step One: Start planning now to implement an “engage left” strategy if you haven’t already and consider automating open source scanning.
  • Step Two: Develop an approach that developers can get behind; one that will provide engineering teams with the peace of mind and support needed to allow them to focus on innovative, high quality, and secure solutions.
  • Step Three: Don’t drag your feet. Managing change environments sometimes means getting there first. Take it for granted that your competitors are looking at markets and considering how they can get ahead of industry changes.

“Engage left.” Low risk. High benefits.

I wish you and yours safety and good health in the weeks ahead.

Tags: , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *