11 Apr Reducing Risk – Why Open Source Software (OSS) Governance Matters
Almost every company uses some amount of software. That software is typically a mix of commercial, proprietary, and open source software (OSS). Using OSS comes with many significant advantages:
- Speeds software delivery
- Reduces development costs
- Increases quality
- Community of experts if issues arise
Despite these significant advantages, using, integrating and redistributing OSS in your products and services can add complexities and risk from:
- Unmanaged use
- Non-compliance with OSS licenses
- License conflicts
- Unknown versions of software/licenses
In general, few companies today manage use of OSS by their developers. There is a lack of policy and process within the ecosystem. Many companies aren’t fully aware of the OSS that exists in all their codebases, and to what extent.
Common Concerns with OSS in Organizations:
- Lack of formalized governance
- Process does not exist for intake or use of software
- No formal integration exists with other Development/ Engineering centers
- Tools for detecting presence of OSS are often not in place
- The average OSS BoM represents a small fraction of what is actually being used
A comprehensive OSS program can mitigate these risks by establishing a strategy that includes policies for use of open source. This will enable the company to leverage the benefits of open source, while restricting behaviors that expose the company to risk. Formal processes will enable developers to make informed decisions about OSS risk, empowering your organization to balance the business benefits with the right amount of risk management.
OSS Engineering Consultants can help organizations of all sizes design, implement and manage OSS governance programs at scale. Contact us to learn more.