{"id":2336,"date":"2020-03-24T03:36:14","date_gmt":"2020-03-24T00:36:14","guid":{"rendered":"http:\/\/kusuaks7\/?p=1941"},"modified":"2023-12-25T11:58:29","modified_gmt":"2023-12-25T11:58:29","slug":"manage-open-source-software-licences-to-reduce-risk","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/manage-open-source-software-licences-to-reduce-risk\/","title":{"rendered":"Manage open source software licenses to reduce risk"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2336\" class=\"elementor elementor-2336\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-64a18fe6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"64a18fe6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7f9d48c2\" data-id=\"7f9d48c2\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4869a03b elementor-widget elementor-widget-text-editor\" data-id=\"4869a03b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tWhile open source isn\u2019t inherently riskier than proprietary code, open source software can become a vulnerability when it isn\u2019t managed properly.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d5e0bf9 elementor-widget elementor-widget-text-editor\" data-id=\"d5e0bf9\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tSo said Brent Pietrzak, senior VP and general manager at open source software scanning, installation and monetisation company, Flexera\u2019s supplier division in his comment on the launch of the company\u2019s\u00a0<a href=\"https:\/\/www.globenewswire.com\/Tracker?data=IozJ26HO8iYOEksWznT_ZLX84BgmgSCIvppzf-uqatP1FNUwmeutUXeV0iduVQv9Z47eQYlA0Wm8ixlsl5cNxyk1MuUM3-J0HkD2qbpR1vrtiFSHkl_DdCWafuRhuIkWZOyebQCAqwzP5v0xkbGDTgJPLx7yCahofCkEobnxS4E9yx9EzFPhaOgmDGlzzoDh\" target=\"_blank\" rel=\"noopener noreferrer\">2020 State of Open Source License Compliance<\/a>\u00a0report.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-14d3cb8 elementor-widget elementor-widget-text-editor\" data-id=\"14d3cb8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tNoting that open source usage continues to grow, he emphasised the importance of software suppliers, their stakeholders,\u00a0partners\u00a0and customers knowing exactly what and how much open source is in use.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cdc73a1 elementor-widget elementor-widget-text-editor\" data-id=\"cdc73a1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo give an indication of just how fast open source usage is increasing, Red Hat\u2019s\u00a0<a href=\"https:\/\/www.redhat.com\/en\/enterprise-open-source-report\/2020?sc_cid=7013a000002DPBfAAO\" target=\"_blank\" rel=\"noopener noreferrer\">2020 State of Enterprise Open Source<\/a>\u00a0report (based on 950 interviews with IT leaders worldwide, including non-Red Hat customers) found that 77% were planning to increase 
their use of enterprise open source software, up from 59% in the previous year\u2019s survey.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-500f051 elementor-widget elementor-widget-text-editor\" data-id=\"500f051\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tAt the same time, proprietary software adoption was declining. Only 42% of respondents reported using proprietary software, down from 55% the year before \u2013 and Red Hat anticipates that this will decline further to 32% in the next two years.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1d08190 elementor-widget elementor-widget-text-editor\" data-id=\"1d08190\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\u201cMaybe it doesn\u2019t surprise you that proprietary software is losing favour \u2013 expensive and inflexible proprietary software licenses result in high capital expenditures and vendor lock-in. 
However, the rate at which organisations are abandoning proprietary software is notable, especially given how slowly\u00a0change\u00a0usually comes to the enterprise software space,\u201d Gordon Haff, a technology evangelist at Red Hat, wrote in the report.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1cbfaca elementor-widget elementor-widget-heading\" data-id=\"1cbfaca\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><strong>Under-reported open source usage<\/strong><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d32961a elementor-widget elementor-widget-text-editor\" data-id=\"d32961a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tAccording to Flexera, open source users often under-report open source usage, resulting in licence compliance issues and vulnerabilities being present in their applications.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e4c8fa5 elementor-widget elementor-widget-text-editor\" data-id=\"e4c8fa5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIts latest report is based on an evaluation of 121 audit projects involving 2.6 billion lines of code from around the world. This uncovered over 80 000 issues. 
Compared to its 2019 report, the average number of issues per project jumped over 80%, with one issue discovered for every 32 600 lines of scanned code.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fbfd959 elementor-widget elementor-widget-text-editor\" data-id=\"fbfd959\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tOnly one percent of the issues that were uncovered during the audit process were disclosed to the Flexera audit team prior to the start of the audit.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ac3a4d6 elementor-widget elementor-widget-text-editor\" data-id=\"ac3a4d6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIn addition, 17% of the issues were rated Priority 1 \u2013 issues that pose a critical threat that requires immediate remediation.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-97aecf8 elementor-widget elementor-widget-text-editor\" data-id=\"97aecf8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\u201cThe increase in the number of issues uncovered per audit project, as compared to 2019 data, emphasises the value of having a formal open source management strategy for the entire supply chain,\u201d Pietrzak said.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b744551 elementor-widget elementor-widget-text-editor\" data-id=\"b744551\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tPart of managing open source software risk was managing licence compliance.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7e1506b elementor-widget elementor-widget-text-editor\" data-id=\"7e1506b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\u201cThe governance of open source licensing is key to a healthier and more secure application development lifecycle. It is not in anyone\u2019s best interest to contradict the licence terms associated with open source and inadvertently expose the company to a higher potential for risk,\u201d wrote the authors of the Flexera report.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-754ed57 elementor-widget elementor-widget-text-editor\" data-id=\"754ed57\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\nOrganisations need to\u00a0implement\u00a0policies and processes\u00a0to track what they use, understand their legal obligations for\u00a0using code, and have a more\u00a0complete picture\u00a0 of their state of open source license\u00a0compliance and security, the report concludes.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Part of managing open source software risk was managing licence compliance. The governance of open source licensing is key to a healthier and more secure application development lifecycle. It is not in anyone&rsquo;s best interest to contradict the licence terms associated with open source and inadvertently expose the company to a higher potential for risk. 
While open source isn&rsquo;t inherently riskier than proprietary code, open source software can become a vulnerability when it isn&rsquo;t managed properly.<\/p>\n","protected":false},"author":544,"featured_media":8247,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[187],"tags":[95],"ppma_author":[3207],"class_list":["post-2336","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bigdata-cloud","tag-big-data-amp-technology"],"authors":[{"term_id":3207,"user_id":544,"is_guest":0,"slug":"marilyn-de-villiers","display_name":"Marilyn Villiers","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","user_url":"","last_name":"Villiers","first_name":"Marilyn","job_title":"","description":"Marilyn de Villiers&nbsp;is a Freelance writer and editor."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/544"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=2336"}],"version-history":[{"count":6,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2336\/revisions"}],"predecessor-version":[{"id":35173,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2336\/revisions\/35173"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/8247"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=2336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=2336"},{"taxo
nomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=2336"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=2336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}