While the first step in any open source project is to understand your bill of materials, many companies have yet to create "health checks" that identify the components that are in the software they are building and buying.
Here's the issue: Software is complex. It gets developed by teams of engineers who use a variety of open source libraries for whatever functionality they need. Even though they download and incorporate them into the software, their use is not always reported or documented somewhere. Though it is possible to ask a developer for a list of what they are using at that point in time, without an automated way to collect information as it is implemented, it can get lost.
But if enterprises continue to adopt open source as a business model — according to a recent report from Veracode, 95% of IT organizations rely on open source software — they need to focus on strategies to alleviate the "technical debt" involved. In other words, how can they lessen or avoid the additional rework associated with an open source business model?
Begin HereOrganizations should start by identifying which open source and commercial libraries and which versions of those libraries they are using, said Chris Eng, chief research officer at Veracode.
"The problem is that multiple development teams are spread out across the organization, which can s ..
Support the originator by clicking the read the rest link below.
