Over the last decade, the use of Open Source Software has changed. A decade or so ago, you knew exactly what was being written and used in your software application development because employees were responsible for building the code and, every once in a while, for managing a few third-party components.
Today, however, is a very different story. Because of the availability of millions of free open source components, the volume of third-party components used has increased significantly. In fact, up to 50% of the code found in commercial software packages is made up of open source or commercial components. Along with that use comes the onus to understand legal, security and compliance obligations. In the banking and finance industry, with regulation and enhanced compliance oversight, and the responsibility of managing sometimes trillions of dollars for customers and stakeholders, it’s critical to have a complete view of OSS use and the inherent associated risks. In other words, make the “great unknown” known.
Solutions like FlexNet Code Insight are the answer to taking control of your Open Source Software vulnerability management. In addition to adopting the right technology to help you reduce security risks and handle licensing and compliance, there are organizational steps you can take not just to manage your vulnerabilities, but also to take advantage of the benefits provided by OSS, including the cost savings:
- Create an educational program for all levels in the organization
- Develop an Open Source Review Board to set policy
- Establish best practices including knowing and following through on OSS obligations
For more detail on risk management related to OSS in the banking and finance industry, be sure to read Software CEO’s Unfamiliarity with Open Source and Third-Party Use Places Banking and Financial Sector Businesses at Risk.