TechDogs-"The Clear And Open Advantages And Threats Faced By Open-Source Software"

Software Development

The Clear And Open Advantages And Threats Faced By Open-Source Software

By TD NewsDesk

TD NewsDesk

Updated on Thu, Mar 2, 2023

Overall Rating
Over the last few years, global productivity and innovation have received a major boost thanks to open-source software. This entails free code sharing for developers to use, modify and redistribute software as a new bundle or even fix bugs in existing ones. It also benefits companies in personalizing software or editing it to use for added features or functions and better performance. It is believed that OSS (open-source software) has contributed immensely to the growth of the $475 billion global software industry.

According to the State of Open-Source Report (read here), an annual report prepared by Perforce Software and the Open-Source Initiative (OSI), open-source software saw an increase in usage in 80% of organizations for business-critical applications including DevOps, SDLC and data and database management.

In the report that lists the usage, adoption and challenges based on surveys from global organizations of a range of sizes from 20+ global industries, open-source software is viewed in a positive light. In the survey, 35% have security and compliance policies, 28% have legal teams well-versed with open-source licensing and more than 25% in most industries prepare an SBOM (Software Bill of Materials) which enhances transparency and security.

TechDogs-"Image Depicting The State Of Open-Source Report By Perforce Software And The Open-Source Initiative"

Source


However, open-source software comes with a series of challenges. Especially for data security. According to a report by Synopsys, even though 96% of software programs consist of open-source components in some form, 84% of codebases possess at least one threat point. These are shared amongst third-party applications and services present on-premises and cloud.

One of the main threats faced by open-source software is supply chain attacks. This is where a cybercriminal targets the maintainer of an open-source project and embeds their own malicious code into the program, which flows down to others downloading the software.

According to Dale Gardner (Senior Director, Analyst – Gartner), “From a supply chain perspective, it’s increasingly common to see malicious code introduced into open source — and that can be accomplished by compromising a legitimate project, or via a malicious project meant to confuse users into downloading counterfeit code that resembles a common project.”

TechDogs-"Screenshot Of Dale Gardner, (Senior Director, Analyst - Gartner)"
Additionally, he believes that organizations need to assess the risks associated with each project.
Speaking about it he said, “For example, does the project have a good track record for responding to problems, are the appropriate security controls in place, is the code up to date, and so on. And from a supply chain perspective, it’s not just open source with which we should be concerned — we’ve seen a number of cases where commercial code has been compromised.”

Another major concern is that third parties can make changes that create vulnerabilities.

Despite the threats faced, the open-source software market is on the rise, while experts and organizations look to identify security threats and reduce their downstream effects of it.

What do you think of the use of open-source software and what additional measures do you think should be taken to ensure further security? Let us know in the comments below!

First published on Thu, Mar 2, 2023

Enjoyed what you've read so far? Great news - there's more to explore!

Stay up to date with the latest news, a vast collection of tech articles including introductory guides, product reviews, trends and more, thought-provoking interviews, hottest AI blogs and entertaining tech memes.

Plus, get access to branded insights such as informative white papers, intriguing case studies, in-depth reports, enlightening videos and exciting events and webinars from industry-leading global brands.

Dive into TechDogs' treasure trove today and Know Your World of technology!

Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs’ members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs’ Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. All information / content found on TechDogs’ site may not necessarily be reviewed by individuals with the expertise to validate its completeness, accuracy and reliability.

Tags:

Open-source Open-source Software Cyber Criminals Cyber Threats State Of Open-Source Malicious Code

Join The Discussion

- Promoted By TechDogs -

The Brivo Partner Program