Source: thenewstack.io
How to Standardize Open Source Procurement and Lower Risk (Without SlowingCategory: Software, Business, Database, Security
Open source is the modern development platform — with one recent study showing that 92% of applications contain open source dependencies. Open source is freely downloadable, easy to use, gives developers flexibility and choices — and yet, enterprises are still struggling with a major issue: ensuring that open source components are secure, maintained, and kept up-to-date.
Because open source code is free to download, it bypasses the normal procurement process enterprises use that are designed to evaluate questions of security, credibility, and standards for vendors the business chooses to trust.
After adopting an open source component, you’re faced with the following options to maintain it: Your development team assumes the responsibility of keeping it secure and maintained, which takes time away from the important work that is specific to your business.
The first option is to devote a team of developers to research and recommend open source components that meet a standard set of criteria acceptable to the organization.
Because open source code is free to download, it bypasses the normal procurement process enterprises use that are designed to evaluate questions of security, credibility, and standards for vendors the business chooses to trust.
After adopting an open source component, you’re faced with the following options to maintain it: Your development team assumes the responsibility of keeping it secure and maintained, which takes time away from the important work that is specific to your business.
The first option is to devote a team of developers to research and recommend open source components that meet a standard set of criteria acceptable to the organization.
Related Articles
Community Partners
DevOps Careers