Our last webinar on the top open source trends of 2015 was more surprising than most: our audience not only reinforced what we're seeing with our customers, they also blew our expectations out of the water. The results of one of our audience polls say it best:
Do you have a process in place to manage security vulnerabilities?
Yes – 0%
No – 100%
Given the number of attendees, this was really surprising! Whether it is the result of a "trust in open source" mentality or simply the fact that many organizations don't know how to detect, triage, and fix security flaws efficiently, this result reinforced the need for smart, yet flexible, open source management practices.
We’ll fix it when we get there
As covered in the webinar, open source software (OSS) enters organizational code bases in a number of ways, including your supply chain, internal developers, and other, less obvious methods (8:20 in the webinar). The biggest challenge organizations face, aside from technical issues, is knowing where open source code is and how it's being used. It is easy to see how any developer can introduce OSS into the code base, but it can be quite difficult to adopt processes and tools that minimize the associated risks.
Take the Cisco example that was presented (25:50), where valuable IP was lost due to a case brought against the company by the Free Software Foundation alleging violation of the GPL license. Cisco settled and released source code into the wild, essentially giving away proprietary capabilities for free. License obligations can be difficult for any company, as some open source projects have nested licenses or are managed under different licenses that can conflict with each other. The Free Software Foundation, for example, considers the Apache License incompatible with GPL 2.0. Automating the discovery of both known and unknown open source in your repositories is key to understanding where the potential risks are, and the webinar explains four steps for getting that comprehensive view (22:30).
Another significant trend we covered was the growing adoption of open source support, specifically for enterprise teams (28:40). As OSS doesn't come with commercial support or formal training, who do you call when mission-critical applications go down, or when you are designing an architecture? Adopting commercial-grade, 24 x 7 support is easier than you think, and we explained what that means in the webinar.
As the idea of open source support is new to many, we'll dive deeper into the questions, statistics, and use cases for support in our next webinar on December 17th. Register now and get the data you need to justify adopting it within your organization.