In detailing the “Five Traits of a Transformative CIO,” the consulting firm McKinsey Digital put first on its list that such CIOs are business leaders who take responsibility for initiatives that generate revenue. In the quest to generate more revenue, it is good practice to make sure there are no places in IT and MIS processes where money is lost unintentionally, that is, revenue leakage. Leading CIOs are finding that best practices around open source software use and governance pay dividends in shoring up the places where money could be lost.

Open source software (OSS) brings tremendous benefits in speed and scale, and it can bring enormous cost savings to organizations (the Linux Foundation says it can lower costs by as much as 50%). But it also introduces revenue risk. Developers are crucial to ensuring that the same OSS strategies that provide these savings do not concurrently expose the organization to revenue leakage.

Without proper governance and tools to track components and automate security updates, OSS exposes the organization to risk in two main ways. First, the Software Bill of Materials (SBOM) for many applications has grown from a couple of hundred components to thousands. If every component is not properly licensed and attributed, the organization may have to pull back releases in the face of legal action. Second, security vulnerabilities in the code (which Forrester says are up 50% year over year) present risk internally and propagate that risk beyond the organization's four walls. Without an adequate level of OSS discovery, developers can unintentionally ship products with unknown security issues, including an outdated or vulnerable version of an OSS component that has never been patched and continues to move through the supply chain. Customers who use that software in their own products expose themselves and their customers to the same vulnerabilities, and so on down the chain.

All of this carries monetary and reputational costs for the organization and distracts developers from their key objectives: developing innovative features and building exceptional software.

Scanning OSS code and generating an SBOM as early in the process as possible shortens the window of exposure to vulnerabilities and reduces the cost of remediation. Forrester data shows that organizations that scan fewer than three times a year have flaws that persist 3.5 times longer than those that scan seven to 12 times a year. Software Composition Analysis (SCA) tools also help ensure that all OSS components are properly licensed and that the organization complies with the associated license obligations. SCA tools integrate into the engineering tool chain to actively monitor the SBOM for changes, alert developers to non-compliant components and newly disclosed vulnerabilities, and automatically initiate remediation or patching of vulnerable code. They support the obligation-fulfillment process as well, by generating third-party notices and delivering compliance artifacts with each release.

By ensuring that the open source components they use to build products are secure, up to date, properly licensed and attributed, developers do more than protect the organization from the monetary and reputational risk that open source security vulnerabilities bring. They build a strong case for using open source software to create amazing products faster, more safely and more cost-effectively. That strengthens the organization's open source strategy, lets developers put innovation first with confidence in their work, and propagates trust across the organization and through the software supply chain.

Get started and “Proactively Plug Your Revenue Leaks”; the first step is to check out our recent webinar for more on how.
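To make the SCA checks described above concrete, here is an added example (not Revenera's code and not from this post) of what a policy gate over an SBOM does at its core: parse a CycloneDX-style SBOM, flag components at a known-vulnerable version, flag licenses that are undeclared or outside an allow-list, and diff two SBOMs so the next release can be checked for what actually changed. The two SBOM documents, the advisory table and the license allow-list are all constructed for illustration; the component names and versions describe no real project or CVE.

```python
# Added example: minimal SBOM policy gate (vulnerable versions, license allow-list, SBOM diff).
# Both SBOMs below are constructed CycloneDX-style JSON and the advisory table is made up;
# none of it describes a real project or a real CVE.
import json

# Constructed CycloneDX 1.4-style SBOM for the current release (illustrative names).
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "log-lib", "version": "2.14.1",
     "purl": "pkg:maven/example/log-lib@2.14.1",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "json-utils", "version": "1.3.0",
     "purl": "pkg:npm/json-utils@1.3.0",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"type": "library", "name": "colorz", "version": "1.4.0",
     "purl": "pkg:npm/colorz@1.4.0"}
  ]
}"""

# Constructed SBOM for the next release, after remediation.
SBOM_JSON_NEXT = """{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "log-lib", "version": "2.15.0",
     "purl": "pkg:maven/example/log-lib@2.15.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "colorz", "version": "1.4.0",
     "purl": "pkg:npm/colorz@1.4.0",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "yaml-parse", "version": "0.9.2",
     "purl": "pkg:npm/yaml-parse@0.9.2",
     "licenses": [{"license": {"id": "MIT"}}]}
  ]
}"""

# Constructed advisory table: component name -> first fixed version.
# Any version strictly below the fixed version is treated as affected.
ADVISORIES = {"log-lib": "2.15.0"}

# Licenses the (hypothetical) organisation permits in shipped products.
LICENSE_ALLOWLIST = {"Apache-2.0", "MIT", "BSD-3-Clause", "ISC"}


def parse_version(version):
    """Turn '2.14.1' into (2, 14, 1) for ordering. Non-numeric segments sort
    lowest; real SCA tooling applies ecosystem-specific version semantics."""
    return tuple(int(p) if p.isdigit() else -1 for p in version.split("."))


def component_licenses(component):
    """Collect declared SPDX ids (or free-text names) from a CycloneDX component."""
    ids = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        if "id" in lic:
            ids.append(lic["id"])
        elif "name" in lic:
            ids.append(lic["name"])
    return ids


def evaluate_sbom(sbom_text):
    """Return findings as (name@version, kind, detail) tuples; empty means clean."""
    findings = []
    for c in json.loads(sbom_text).get("components", []):
        ref = f"{c['name']}@{c['version']}"
        # 1. Known-vulnerable version check against the advisory table.
        fixed = ADVISORIES.get(c["name"])
        if fixed and parse_version(c["version"]) < parse_version(fixed):
            findings.append((ref, "vulnerable", f"upgrade to >= {fixed}"))
        # 2. License check. An undeclared license is itself a finding: you cannot
        #    meet attribution obligations for terms you do not know.
        licenses = component_licenses(c)
        if not licenses:
            findings.append((ref, "license", "no license declared"))
        for lic in licenses:
            if lic not in LICENSE_ALLOWLIST:
                findings.append((ref, "license", f"{lic} not in allow-list"))
    return findings


def sbom_diff(old_text, new_text):
    """Components added, removed, or version-changed between two SBOMs, so the
    gate can report what moved since the last release rather than the whole list."""
    def index(text):
        return {c["name"]: c["version"] for c in json.loads(text).get("components", [])}
    old, new = index(old_text), index(new_text)
    added = sorted(n for n in new if n not in old)
    removed = sorted(n for n in old if n not in new)
    changed = sorted((n, old[n], new[n]) for n in new if n in old and old[n] != new[n])
    return added, removed, changed


if __name__ == "__main__":
    for ref, kind, detail in evaluate_sbom(SBOM_JSON):
        print(f"{kind:10} {ref}: {detail}")
    print("after remediation:", evaluate_sbom(SBOM_JSON_NEXT))
    print("diff:", sbom_diff(SBOM_JSON, SBOM_JSON_NEXT))
```

Run against the current release, the gate reports one vulnerable component, one copyleft license outside the allow-list and one component with no license declared at all; the remediated SBOM comes back clean, and the diff shows exactly which components were added, removed or upgraded. Treating "no license declared" as a finding is deliberate, since it is the case that most often slips through attribution reviews. A real SCA pipeline would replace the hand-written advisory table with a vulnerability database lookup keyed on the purl and would use per-ecosystem version comparison rather than the simple tuple ordering shown here.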