True or False – What do you Know about Open Source Components in Software Development

January 29, 2015 Neta Weinryb

Open source components are free to use

True! But they come with an attached license that requires their users to adhere to certain terms and conditions. A license can be simple and permissive – there’s even one called WTFPL (What The F*** You Want Public License) – but other licenses impose significant restrictions on how the open source component may be used.

Open source components are bug-free

False! Open source is just like any other software: it has bugs and security vulnerabilities. The nice thing about open source is that there’s a community behind it, using, testing and releasing patches and new versions. All you have to do is make sure you know about these vulnerabilities on time.

Open source components are risky to use

False! As long as you take good care of them – make sure you know what you are using, keep track of security vulnerabilities and new versions, and do what the license terms require you to do – using open source is safe. Check out our research on this.

It’s not too hard to list the open source components we use and update the list as we go.

False! The tricky part is listing dependencies. Dependencies are open source components that are used by other open source components (transitive dependencies). Most organizations will list the components they use directly, but it is almost impossible to track by hand all the components those components rely on.
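To show why direct lists fall short, here is an added example (not code from the original post): it walks a constructed dependency registry from the directly declared components, records the path by which each transitive component was pulled in, and flags components with a restricted license or an open advisory. All component names, licenses and advisory identifiers are made up for illustration.

```python
from collections import deque

# Constructed sample registry: component -> (license, components it depends on).
# These names and licenses are invented for the example.
REGISTRY = {
    "web-framework": ("Apache-2.0", ["http-parser", "template-engine"]),
    "http-parser": ("MIT", ["string-utils"]),
    "template-engine": ("GPL-3.0", ["string-utils", "html-escape"]),
    "string-utils": ("MIT", []),
    "html-escape": ("BSD-2-Clause", []),
    "json-lib": ("MIT", ["string-utils"]),
}

# Constructed advisory feed: component -> note (placeholder ids, not real CVEs).
ADVISORIES = {"html-escape": "ADVISORY-PLACEHOLDER-1: improper escaping"}


def resolve_transitive(direct):
    """Breadth-first walk from the directly declared components.
    Returns {component: path}, where path shows which direct dependency
    pulled the component in (first path found wins)."""
    seen = {}
    queue = deque((name, [name]) for name in direct)
    while queue:
        name, path = queue.popleft()
        if name in seen:
            continue  # already resolved; this also stops dependency cycles
        seen[name] = path
        _, deps = REGISTRY.get(name, ("UNKNOWN", []))
        for dep in deps:
            queue.append((dep, path + [dep]))
    return seen


def inventory_report(direct, restricted_licenses=("GPL-3.0",)):
    """Return (sorted list of all components, {name: reasons}) where reasons
    list a restricted license (with its introduction path) or an advisory."""
    resolved = resolve_transitive(direct)
    flagged = {}
    for name, path in resolved.items():
        lic, _ = REGISTRY.get(name, ("UNKNOWN", []))
        reasons = []
        if lic in restricted_licenses:
            reasons.append(f"license {lic} via {' -> '.join(path)}")
        if name in ADVISORIES:
            reasons.append(ADVISORIES[name])
        if reasons:
            flagged[name] = reasons
    return sorted(resolved), flagged


if __name__ == "__main__":
    components, flagged = inventory_report(["web-framework", "json-lib"])
    print("all components:", components)
    for name, reasons in flagged.items():
        print(f"{name}: {'; '.join(reasons)}")
```

Declaring only `web-framework` and `json-lib` yields six components; the GPL-licensed `template-engine` and the advisory-bearing `html-escape` never appear in the direct list, which is exactly what a hand-maintained inventory misses.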

It is only possible to automatically track open source components in Java

False! Open source component management should and can be done for all programming languages – including C/C++, C#, Ruby, Python and more.
