The advantages of open source are broadly supported by its longevity and potential. Engineering, security, and legal teams are compelled to manage open source use today to better prepare for tomorrow.
Don’t let the term “manage” turn you away. The business of technology is evolving at an incredible pace. Disruption is inevitable and open source innovations are front and center. “By failing to prepare, you are preparing to fail.”* Open source management is really about creating a well-defined open source strategy and empowering organizations to continue to successfully leverage open source now and in the future.
Data pointing to our dependency on open source helps emphasize the criticality of implementing a formal open source management structure. I recently helped write the annual Open Source License Compliance Research Report, working with Flexera’s audit services and product management teams. The report outlines key insights into open source license compliance and security. Here’s just a snapshot.
What You Don’t Know
The Flexera audit team found only 1 percent of the issues eventually uncovered during the audit process were disclosed prior to audit start.
It’s important to have a firm grasp on all open source use in your software supply chain, including what’s coming from third parties. This requires a formal strategy to scan, track, and remediate OSS license compliance and risk. What you don’t know can hurt you.
Keeping it Real
Fact. Open source is a big deal. Alexa, TensorFlow, and Facebook’s M are all now open source technologies. AI, machine learning, the IoT, blockchain, and big data analytics are all emerging open source innovations.
The tech industry is being “remade” and open source plays a starring role. It’s not surprising that Flexera found a 21% increase in binaries year-over-year. With so many companies dependent on open source and the sheer volumes of third-party software being used knowingly or unknowingly, it makes sense to implement continuous scanning and monitoring throughout the software development lifecycle (SDLC) to manage license compliance, IP and security risks, and maintain code quality and data integrity.
What Are You Waiting For?
I encourage you to read the 2020 Open Source License Compliance Research Report and begin to think through the role open source plays in your organization today. What can you do to continue to enable future success? Establish a foundation that will help you, your teams, and your company to be a positive influence in this age of technological disruption.