Open source has been crucial to the software development process. According to the software security corporation, 10 out of 7 lines of code on an application consists of open source which includes jQuery that constitutes of the 55% of the codebases and others like Bootstrap and font awesome with the percentage of 40 and 31 respectively.
However, the negligence in updating and securing have raised alarming concerns. According to the analysis of 1,250 profit-oriented code bases 91% of their components were found either outdated or abandoned. As a consequence, the applications were incompatibility and unoperational. 75% of these code bases are susceptible to more vulnerabilities with an increase of 15% in 2018. Since, the role played by open source in software development is tremendous, often its risk to the security and license compliance of applications is disregarded.
Furthermore, another exasperating issue that software developers are facing is the copyright law compliance as it was found that 73% of code bases have license conflicts or no license at all.
Synopsys has offered some suggestions to alleviate these problems. These suggestions include for the developmental teams to compile a perfect software inventory which should contain all the details of all the open source components including their versions being used. It’s also important to keep this Inventory up to date so that any vulnerabilities can be detected.
It’s essential for the software development teams to have a predefined plan of policies to manage the open source components along with having a vigilant monitoring of the open sources to look for any threats or vulnerabilities. It might also be helpful to hire a group of capable individuals to audit the code. Lastly, it is also recommended for the entire functioning team to come together, regardless of their specialty, to contribute to the open source community.