Top 5 mistakes engineering managers make when managing open source usage

May 12, 2015 Rami Sass

Open source is now an important part of any software product.

But when it comes to managing the use of open source, organizations make several mistakes.

Here are the top 5:

#5: Ignoring dependencies

Everybody knows about it and yet it is convenient to forget: libraries use other libraries that use other libraries... and so when you use a library you are responsible for its license, and the licenses of all the libraries that it uses, and the licenses of the libraries that they use... you get the point.

#4: Not checking for library updates

The great thing about open source is that there’s an entire community out there using, QA-ing and fixing whatever’s necessary.

But do you remember to check for updates on the libraries you use?

#3: Forgetting to look up security alerts

Security alerts for the libraries you use are constantly published and updated, as are the fixes for those vulnerabilities.

Are you staying on top of it all?

Once a month is not enough when it comes to security vulnerabilities: if an open source library you use is vulnerable, then your entire product is vulnerable.
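The three points above (transitive dependencies, missing updates, unread security alerts) are what a dependency audit has to answer together. The following script is an added example, not code from the original post or from any vendor's product: it walks a constructed package index the way a lockfile would be resolved, records the chain through which each transitive component was pulled in, groups the whole tree by license, and matches every component against a constructed advisory feed and the newest version the index knows about. All package names, versions, licenses and the advisory ID are placeholders invented for the example, not real projects or real vulnerabilities.

```python
"""Walk the full transitive dependency tree of a constructed manifest,
aggregate every license it pulls in, and flag components that have a
published advisory or a newer release. All data here is constructed for
the example: package names, versions, licenses and advisory IDs are
placeholders, not real projects or real vulnerabilities."""
from collections import deque

# Constructed package index (a stand-in for a real registry plus lockfile):
# (name, version) -> license and the pinned dependencies it declares.
INDEX = {
    ("webapp-core", "1.0"): {"license": "MIT",
                             "deps": [("json-util", "2.3"), ("http-client", "0.9")]},
    ("json-util", "2.3"): {"license": "Apache-2.0", "deps": [("str-helpers", "4.0")]},
    ("http-client", "0.9"): {"license": "BSD-3-Clause", "deps": [("tls-shim", "0.4")]},
    ("http-client", "1.1"): {"license": "BSD-3-Clause", "deps": [("tls-shim", "0.5")]},
    ("str-helpers", "4.0"): {"license": "GPL-3.0-only", "deps": []},
    ("tls-shim", "0.4"): {"license": "MIT", "deps": []},
    ("tls-shim", "0.5"): {"license": "MIT", "deps": []},
}

# Constructed advisory feed: versions below "fixed_in" are affected.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "package": "tls-shim", "fixed_in": "0.5"},
]

# Licenses the (constructed) policy treats as needing review before shipping.
RESTRICTIVE = {"GPL-3.0-only", "AGPL-3.0-only"}


def parse_version(v):
    """Turn '1.10.2' into (1, 10, 2) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))


def latest_version(name):
    """Newest version of a package present in the index."""
    versions = [ver for (n, ver) in INDEX if n == name]
    return max(versions, key=parse_version)


def resolve_tree(direct):
    """Breadth-first walk from the direct dependencies.
    Returns {(name, version): chain} where chain is the path of
    'name@version' strings that first pulled the component in."""
    tree = {}
    queue = deque((dep, [f"{dep[0]}@{dep[1]}"]) for dep in direct)
    while queue:
        component, chain = queue.popleft()
        if component in tree:
            continue  # already reached through another path
        if component not in INDEX:
            raise KeyError(f"unknown component {component}")
        tree[component] = chain
        for child in INDEX[component]["deps"]:
            queue.append((child, chain + [f"{child[0]}@{child[1]}"]))
    return tree


def collect_licenses(tree):
    """Group every component in the tree by its license."""
    by_license = {}
    for (name, version) in tree:
        lic = INDEX[(name, version)]["license"]
        by_license.setdefault(lic, []).append(f"{name}@{version}")
    return {lic: sorted(comps) for lic, comps in by_license.items()}


def find_advisories(tree):
    """Match every component in the tree against the advisory feed,
    reporting the dependency chain so the owner of the direct dependency
    can be found."""
    hits = []
    for (name, version), chain in tree.items():
        for adv in ADVISORIES:
            if adv["package"] == name and parse_version(version) < parse_version(adv["fixed_in"]):
                hits.append({"id": adv["id"], "component": f"{name}@{version}",
                             "fixed_in": adv["fixed_in"], "via": " -> ".join(chain)})
    return hits


def find_outdated(tree):
    """Components for which the index holds a newer release."""
    return sorted(f"{name}@{version} -> {latest_version(name)}"
                  for (name, version) in tree
                  if parse_version(latest_version(name)) > parse_version(version))


def audit(direct):
    """Full report for a manifest: all components, licenses, the ones
    needing review, open advisories and outdated pins."""
    tree = resolve_tree(direct)
    licenses = collect_licenses(tree)
    return {
        "components": sorted(f"{n}@{v}" for (n, v) in tree),
        "licenses": licenses,
        "needs_review": {lic: licenses[lic] for lic in licenses if lic in RESTRICTIVE},
        "advisories": find_advisories(tree),
        "outdated": find_outdated(tree),
    }


if __name__ == "__main__":
    # The manifest lists one direct dependency; the walk finds four more,
    # including a GPL component and an advisory three levels down.
    for key, value in audit([("webapp-core", "1.0")]).items():
        print(f"{key}: {value}")
```

The single direct dependency in the sample manifest brings in four transitive components, one of them under a license the policy flags and one matching an advisory; the "via" chain shows that the vulnerable component arrived through http-client 0.9, which is exactly the information needed to decide which pin to bump. Running the same audit against a manifest that pins http-client 1.1 reports no open advisory.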

#2: Trying to do it all with a spreadsheet

Really? A spreadsheet (while cheap) is something you need to remember to update and make your programmers update. Using it means that you all spend time on checking for dependencies, looking for updates, security vulnerabilities...

Not as cheap as it seems, right?

#1: Doing it only when you have to (or every 6 months)

Just imagine: preparing a nice open source report for an important customer (or an acquirer), and discovering that someone decided to use a piece of open source code with an extremely restrictive license.

So now everything that you've built for the last 4.5 months (that is when this piece of open source became part of your product) needs to be rearranged so it can work without said piece of code.


Avoiding all these problems is easy.

Want to see how?

Join us for a workshop or a demo, or just start using our solution to see how effortless managing open source can be.
