In detailing the “Five Traits of a Transformative CIO,” first on the consulting firm McKinsey Digital’s list was that such CIOs are business leaders who take responsibility for initiatives that generate revenue. In the quest to generate more revenue, it’s good practice to make sure there aren’t any sources in IT and MIS processes where there is unintentional monetary loss, or revenue leakage. And leading CIOs are finding that best practices adopted around open source software use and governance are paying dividends in terms of shoring up places where money could be lost.

Open source software (OSS) brings tremendous benefits in terms of speed and scale, and can bring enormous cost savings to organizations (the Linux Foundation says it can lower costs as much as 50%). But it also introduces revenue risk. Developers are crucial to ensuring that the same OSS strategies that provide these savings don’t concurrently expose the organization to revenue leakage.

Without proper governance and tools to track components and automate security updates, OSS can expose the organization to risk in a couple of ways. For one thing, the Software Bill of Materials (SBOM) for many applications has grown from a couple hundred components to thousands. If everything isn’t properly licensed and attributed, the organization could have to pull back releases because of legal action. What’s more, potential security vulnerabilities in the code (which Forrester says are up 50% year over year) present risk internally and propagate that risk outside of the organization’s four walls.

Without the proper level of OSS discovery, developers could unintentionally release products with unknown security issues. This could include software that has an outdated or vulnerable version of an OSS component which has not been properly patched and which continues to move through the supply chain. Customers using the software in their products expose themselves and their customers to the same vulnerabilities, and so on. All of it comes with risks of monetary and reputational costs to the organization and prevents developers from focusing on their key objectives: developing innovative features and building exceptional software.

Scanning OSS code and generating an SBOM as early in the process as possible helps minimize the exposure window for vulnerabilities and reduces the cost of remediation. Forrester data shows that organizations that scan fewer than three times a year have flaws that persist 3.5 times longer than those that scan seven to 12 times a year.

These Software Composition Analysis (SCA) tools also help ensure that all OSS components are properly licensed and that organizations are compliant with the associated license obligations. SCA tools integrate into the engineering tool chain to actively monitor the SBOM for changes, alert developers to non-compliant items and new security vulnerabilities, and automatically initiate the remediation or patching of vulnerable code. The obligation fulfillment process is supported as well via generation of third-party notices and delivery of compliance artifacts with each release.

By ensuring that the open source components they’re using to build products are secure, up to date, properly licensed and attributed, developers do more than protect the organization from all sorts of monetary and reputational risk born of open source security vulnerabilities. They build a strong case for using open source software to create amazing products in a faster, safer and more cost-effective manner. This strengthens the open source strategy in the organization, empowers developers to put innovation first and build confidence in their work, and propagates trust across the organization and through the software supply chain.

Get started and “Proactively Plug Your Revenue Leaks” (the first step of which is checking out our recent webinar for more information on how).
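The SBOM monitoring that the post attributes to SCA tools (diffing the bill of materials between releases, flagging components whose licenses fall outside policy, and matching component versions against advisories) can be illustrated with a small script. The following is an added example, not Revenera's code or any vendor's tool; the two SBOM documents, the allowed-license list and the advisory entries are constructed sample data in a simplified CycloneDX-like shape, and the advisory identifiers are placeholders rather than real CVEs.

```python
"""Diff two SBOMs and check the newer one for license and known-vulnerability issues.

Added illustration of SCA-style SBOM monitoring; not Revenera's code.
All SBOM content, the license policy and the advisories below are constructed
sample data in a simplified CycloneDX-like shape, not real packages or real CVEs.
"""
import json

# Constructed sample: minimal CycloneDX-style SBOM for the previous release.
SBOM_OLD = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "libfoo", "version": "1.2.0", "purl": "pkg:generic/libfoo@1.2.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "parserlib", "version": "2.0.1", "purl": "pkg:generic/parserlib@2.0.1",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
    ],
})

# Constructed sample: SBOM for the release candidate now being built.
SBOM_NEW = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "libfoo", "version": "1.3.0", "purl": "pkg:generic/libfoo@1.3.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "parserlib", "version": "2.0.1", "purl": "pkg:generic/parserlib@2.0.1",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "netutil", "version": "0.9.4", "purl": "pkg:generic/netutil@0.9.4",
         "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
        {"name": "legacycrypt", "version": "3.1.7", "purl": "pkg:generic/legacycrypt@3.1.7",
         "licenses": []},
    ],
})

# Constructed policy and advisories (placeholder ids, not real CVE numbers).
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "name": "libfoo", "fixed_in": "1.2.5"},
    {"id": "ADV-EXAMPLE-0002", "name": "legacycrypt", "fixed_in": "3.2.0"},
]


def parse_version(version):
    """Turn '1.2.5' into (1, 2, 5) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def load_components(sbom_json):
    """Index an SBOM's components by component name."""
    sbom = json.loads(sbom_json)
    return {c["name"]: c for c in sbom.get("components", [])}


def diff_sboms(old_json, new_json):
    """Report added, removed and re-versioned components between two SBOMs."""
    old, new = load_components(old_json), load_components(new_json)
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(
        (name, old[name]["version"], new[name]["version"])
        for name in set(old) & set(new)
        if old[name]["version"] != new[name]["version"]
    )
    return {"added": added, "removed": removed, "changed": changed}


def license_violations(sbom_json, allowed=ALLOWED_LICENSES):
    """Flag components with no declared license or a license outside the allow-list."""
    findings = []
    for name, comp in load_components(sbom_json).items():
        ids = [entry["license"]["id"] for entry in comp.get("licenses", [])]
        if not ids:
            findings.append((name, "no license declared"))
        for lic in ids:
            if lic not in allowed:
                findings.append((name, lic))
    return sorted(findings)


def vulnerable_components(sbom_json, advisories=ADVISORIES):
    """Match components against advisories: affected when version < fixed_in."""
    comps = load_components(sbom_json)
    hits = []
    for adv in advisories:
        comp = comps.get(adv["name"])
        if comp and parse_version(comp["version"]) < parse_version(adv["fixed_in"]):
            hits.append((adv["name"], comp["version"], adv["id"]))
    return sorted(hits)


if __name__ == "__main__":
    print("SBOM changes:", diff_sboms(SBOM_OLD, SBOM_NEW))
    print("License findings:", license_violations(SBOM_NEW))
    print("Vulnerable components:", vulnerable_components(SBOM_NEW))
```

Run against the constructed data, the diff shows that `libfoo` was upgraded past its advisory's fix version while two new components arrived, one under a license outside the allow-list and one with no license declared at all, which is exactly the kind of change a pipeline gate would surface before release rather than after.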