How Open Source Software Achieves the Benefits of Collaboration Without the Vulnerabilities
Two years ago, Gartner predicted that the majority of mainstream IT organizations would leverage significant elements of open source software by 2016, but most would fail to effectively manage the risk versus the return on investment.
Just past the mid-mark of 2016, Gartner’s prediction rings true. Many organizations have prioritized software development as a critical component of their business strategies. In its “2016 Future of Open Source Survey,” Black Duck Software found that enterprise open source use and participation have reached an all-time high. Yet, the survey also noted that more than one-third of companies have no process for identifying, tracking or remediating known open source vulnerabilities.
So, the question remains: Do the benefits outweigh the risks?
The Value of Open Source Software
Technology in the form of mobile devices, big data and cloud solutions has changed the way enterprises do business, both internally and externally. These technologies are enabling enterprises to create differentiated and engaging experiences for customers while offering greater efficiency, agility and cost savings to the business.
In order to capitalize on these advantages, however, enterprises need the ability to rapidly develop and deploy software-based innovation. Not surprisingly, Gartner listed software-defined applications and infrastructure as a top-10 strategic technology trend last year.
Many enterprises and developers use open source software such as GitHub to build their software-defined applications. With GitHub and similar open source software libraries, enterprises can expand the depth and breadth of their development capabilities. External developers offer insights and advice that can improve the quality of the product and speed-to-market — giving enterprises a significant competitive advantage.
Security — The Black Cloud Over Open Source Software
While the collaboration between internal and external developers helps build better software-defined applications faster, it also means enterprises have more exposure to security vulnerabilities.
According to a Cybersecurity Ventures report on open source security, 40 percent of the 8,000 vulnerabilities disclosed last year were in open source projects. And some of these vulnerabilities, such as Heartbleed, remain problematic. Venafi states 74 percent of Global 2000 organizations remain vulnerable to Heartbleed.
A New, Secure Open Source Software Model
One way to avoid the risks of open source software development while still reaping its benefits is through the use of a cloud service such as open stack-as-a-service (OSaaS), which allows developers to code and work with open source software and its collaborative development tools, but in a private environment with robust security capabilities.
In this arrangement, developers still have access to code collaboration, code reuse and review, but with the added benefit of being in a secure environment. Scanning capabilities, which can search for any vulnerabilities that may have been inserted during development, can provide an additional layer of protection.
This type of solution provides enterprises with hybrid DevOps capabilities through a dedicated and locally managed delivery model, allowing enterprise developers to build innovative cloud apps in a collaborative but secure environment.