KEMBAR78
Open source code | PPTX
Intetics, profile picture
Uploaded byIntetics
PPTX, PDF448 views

Open source code

The document discusses the use of open source code in software development, highlighting the prevalence of its usage and the associated risks, such as license violations and security vulnerabilities. It outlines three key problems and provides recommendations on managing these issues, including scrutinizing libraries, tracking software versions, and engaging with open source communities. Final recommendations emphasize the importance of documenting, regulating, and auditing open source components regularly.

Download to read offline
Intetics Inc. www.intetics.com intetics@intetics.com Office: +1-239-217-4907 Open Source Code In Product Development Best Practices And Risk Mitigation
© Сopyright, 1995-2020 2 Modern software development involves the increased use of open source code 72% of organizations make non- commercial use of open source code and 55% use it for commercial product development But it’s crucial to make sure every component is well scrutinized before it’s integrated into your project Open source code in product development
© Сopyright, 1995-2020 3 3 key problems related to the use of open source code Violation of license agreement for commercial uses Use of outdated open source components causing vulnerability risks Use of libraries without community support How to manage these issues?
© Сopyright, 1995-2020 4 Problem 1 – Violation of license agreement for commercial uses Using unlicensed open source сode is unsafe. You might end up violating intellectual property rights or bringing security vulnerabilities and risks into your project, which can translate into financial and legal consequences.
© Сopyright, 1995-2020 5 1 Document the use of all third-party resources on the project Although it requires time and resources, you get to know where all your open source elements come from. 2 Import libraries only after getting approval from the project tech lead Solution - Watch out for hidden inconsistencies
© Сopyright, 1995-2020 6 Problem 2 – Use of libraries without community support A lot of open source code libraries might often fail to comply with security standards, work incorrectly with other open source components, be out-of-date or have no license at all.
© Сopyright, 1995-2020 7 1 Start with scrutinizing the library component you need: сheck its license, source and version before you use it. 2 Try to only use libraries from official sites, and if possible, do not import code manually Solution - Check the origin of the libraries you use
© Сopyright, 1995-2020 Problem 3 – Use of outdated open source components causing vulnerability risks 91% of product development projects use outdated open source components, thus jeopardizing project security significantly. 82% of codebases have four-year-old parts and 88% have had no add-ons during the last two years. 8
© Сopyright, 1995-2020 9 Solution - Track the software versions you use 1 Be sure the software you use is brand new and receives vendor support and upgrades In case you work with different frameworks, check that all libraries work together correctly. 2 Choose automated open source code assessment tools to verify the relevance of code elements A top-notch tool automatically tracks possible vulnerabilities in open source code and spots issues on time.
© Сopyright, 1995-2020 10 Final recommendations Inventory your open source components Create policies for your development and legal teams to regulate every open source activity in the project Keep on auditing your open source code regularly to detect and troubleshoot issues on time Engage in open source communities
© Сopyright, 1995-2020 11 TETRA Not confident about the product quality and wish to scrutinize your open source components? Go for a large-scale software project assessment! The TETRA platform can help you uncover technical debt and get an in-depth analysis of code quality, as well as useful ideas for solving your burning issues. TM
12 Thank you! Intetics Inc. 10001 Tamiami Trl N, Suite 114 Naples, Florida 34108 United States www.intetics.com intetics@intetics.com Office: +1-239-217-4907

More Related Content

PDF
TETRA
byIntetics
 
PDF
SFO15-TR7: OSS License Compliance
byLinaro
 
PDF
OpenChain Continual Improvement Case Studies
byShane Coughlan
 
PDF
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
byShane Coughlan
 
PDF
Osborne Clarke - OpenChain - FOSSmatrix
byShane Coughlan
 
PPTX
Free and Open Source Software - Challenges for the Automotive Supply Chain
byShane Coughlan
 
PPTX
OpenChain Webinar #11 - cii-bp-badge-intro
byShane Coughlan
 
PDF
SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...
bySouth Tyrol Free Software Conference
 
TETRA
byIntetics
 
SFO15-TR7: OSS License Compliance
byLinaro
 
OpenChain Continual Improvement Case Studies
byShane Coughlan
 
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
byShane Coughlan
 
Osborne Clarke - OpenChain - FOSSmatrix
byShane Coughlan
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
byShane Coughlan
 
OpenChain Webinar #11 - cii-bp-badge-intro
byShane Coughlan
 
SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...
bySouth Tyrol Free Software Conference
 

What's hot

PDF
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
byBlack Duck by Synopsys
 
PDF
Webinar–The 2019 Open Source Year in Review
bySynopsys Software Integrity Group
 
PDF
OpenChain Automation Case Study - September to December 2021
byShane Coughlan
 
PDF
Webinar–You've Got Your Open Source Audit Report–Now What?
bySynopsys Software Integrity Group
 
PDF
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
bySynopsys Software Integrity Group
 
PDF
Leveraging Open Source Opportunity in the Public Sector Without the Risk
byProtecode
 
PPTX
Leveraging Open Source Opportunity in the Public Sector Without the Risk
bySource Code Control Limited
 
PDF
Webinar–What You Need To Know About Open Source Licensing
bySynopsys Software Integrity Group
 
PPTX
Software Audit Strategies - How often is good enough for a software audit?
byTiberius Forrester
 
PDF
What does open source mean for the institutional web manager?
byIWMW
 
PDF
Exploring Open Source Licensing
byStefano Fago
 
PDF
Webinar–That is Not How This Works
bySynopsys Software Integrity Group
 
PDF
Samsung & The Path to Open Source Leadership (OBC)
bySamsung Open Source Group
 
PPTX
Why is Open Source Important to Samsung and What Are We Doing About It?
bySamsung Open Source Group
 
PPTX
OpenChain Automation Case Study - September to December 2021
byShane Coughlan
 
PDF
Reliable Engineering for InsurTech StartUps
byFortifier. IT Company
 
PDF
Webinar–The State of Open Source in M&A Transactions
bySynopsys Software Integrity Group
 
PPTX
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
byShane Coughlan
 
PDF
Open source technology, freeware drone (by Joris Krüse)
byVerhaert Masters in Innovation
 
PPT
The Case for Continuous Open Source Management
byBlack Duck by Synopsys
 
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
byBlack Duck by Synopsys
 
Webinar–The 2019 Open Source Year in Review
bySynopsys Software Integrity Group
 
OpenChain Automation Case Study - September to December 2021
byShane Coughlan
 
Webinar–You've Got Your Open Source Audit Report–Now What?
bySynopsys Software Integrity Group
 
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
bySynopsys Software Integrity Group
 
Leveraging Open Source Opportunity in the Public Sector Without the Risk
byProtecode
 
Leveraging Open Source Opportunity in the Public Sector Without the Risk
bySource Code Control Limited
 
Webinar–What You Need To Know About Open Source Licensing
bySynopsys Software Integrity Group
 
Software Audit Strategies - How often is good enough for a software audit?
byTiberius Forrester
 
What does open source mean for the institutional web manager?
byIWMW
 
Exploring Open Source Licensing
byStefano Fago
 
Webinar–That is Not How This Works
bySynopsys Software Integrity Group
 
Samsung & The Path to Open Source Leadership (OBC)
bySamsung Open Source Group
 
Why is Open Source Important to Samsung and What Are We Doing About It?
bySamsung Open Source Group
 
OpenChain Automation Case Study - September to December 2021
byShane Coughlan
 
Reliable Engineering for InsurTech StartUps
byFortifier. IT Company
 
Webinar–The State of Open Source in M&A Transactions
bySynopsys Software Integrity Group
 
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
byShane Coughlan
 
Open source technology, freeware drone (by Joris Krüse)
byVerhaert Masters in Innovation
 
The Case for Continuous Open Source Management
byBlack Duck by Synopsys
 

Similar to Open source code

PDF
Webinar–2019 Open Source Risk Analysis Report
bySynopsys Software Integrity Group
 
PDF
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
bySynopsys Software Integrity Group
 
PDF
Strategies for Commercial Software Developers Using Open Source Code in Propr...
byMary Lou Wakimura
 
PDF
ProdSec: A Technical Approach
byJeremy Brown
 
PDF
Webinar–Open Source Risk in M&A by the Numbers
bySynopsys Software Integrity Group
 
PDF
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
byFINOS
 
PDF
Open source software 101: Compliance and risk management
byOsler, Hoskin & Harcourt LLP
 
PPTX
The Role of In-House & External Counsel in Managing Open Source Software
byFlexera
 
PDF
SFScon 2020 - Luisa Romano - Cybersecurity Managers Liability and Use of Open...
bySouth Tyrol Free Software Conference
 
PDF
Open Source and Secure Coding Practices
byAll Things Open
 
PDF
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal
byBlack Duck by Synopsys
 
PDF
Security Introspection for Software Reuse
byIRJET Journal
 
KEY
Open Source Compliance at Twitter
byChris Aniszczyk
 
PDF
Myths and Misperceptions of Open Source Security
byBlack Duck by Synopsys
 
PDF
Software Mistakes and Tradeoffs 1st Edition Tomasz Lelek
bybooteampong
 
PDF
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
bySonatype
 
PDF
Building software: the lessons from open source
byArnaud Porterie
 
PDF
When Things Go Bump in the Night
byahamilton55
 
DOCX
Developing Mixed-Source Commercial Products - OSS Risks and Mitigation
byJim Markwith
 
PDF
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
byBlack Duck by Synopsys
 
Webinar–2019 Open Source Risk Analysis Report
bySynopsys Software Integrity Group
 
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
bySynopsys Software Integrity Group
 
Strategies for Commercial Software Developers Using Open Source Code in Propr...
byMary Lou Wakimura
 
ProdSec: A Technical Approach
byJeremy Brown
 
Webinar–Open Source Risk in M&A by the Numbers
bySynopsys Software Integrity Group
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
byFINOS
 
Open source software 101: Compliance and risk management
byOsler, Hoskin & Harcourt LLP
 
The Role of In-House & External Counsel in Managing Open Source Software
byFlexera
 
SFScon 2020 - Luisa Romano - Cybersecurity Managers Liability and Use of Open...
bySouth Tyrol Free Software Conference
 
Open Source and Secure Coding Practices
byAll Things Open
 
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal
byBlack Duck by Synopsys
 
Security Introspection for Software Reuse
byIRJET Journal
 
Open Source Compliance at Twitter
byChris Aniszczyk
 
Myths and Misperceptions of Open Source Security
byBlack Duck by Synopsys
 
Software Mistakes and Tradeoffs 1st Edition Tomasz Lelek
bybooteampong
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
bySonatype
 
Building software: the lessons from open source
byArnaud Porterie
 
When Things Go Bump in the Night
byahamilton55
 
Developing Mixed-Source Commercial Products - OSS Risks and Mitigation
byJim Markwith
 
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
byBlack Duck by Synopsys
 

More from Intetics

PPTX
Examples of Selecting Technology and Designing Architecture.pptx
byIntetics
 
PDF
Mobile app-monetization-intetics-2020
byIntetics
 
PDF
Visual delivery-reconstruction-for-international Finance Centre
byIntetics
 
PPTX
Do not even try to be remote without these 6 principles!
byIntetics
 
PPTX
The Startup Lifecycle: How to Win at Each Stage
byIntetics
 
PPTX
How Centers of Excellence Can Change Your Business?
byIntetics
 
PPTX
Machine Learning
byIntetics
 
PDF
Cloud computing infographics
byIntetics
 
PPTX
Amazon Сloud Migration
byIntetics
 
PDF
IoT infographic
byIntetics
 
PDF
Robotic process automation (RPA) Infographic
byIntetics
 
PDF
Industry 4.0 infographic
byIntetics
 
PPTX
Industry 4.0
byIntetics
 
PDF
A brief history of software development methodologies
byIntetics
 
PDF
Tetra technical debt reduction platform
byIntetics
 
PPTX
The future of outsourcing in Belarus and Ukraine
byIntetics
 
PDF
A simple History of a Mobile Phone
byIntetics
 
PPTX
TDD & BDD as efficient practices of software development
byIntetics
 
PDF
What is Quality Assurance and why do you need that?
byIntetics
 
PDF
20 Years of Software Development at Intetics Inc
byIntetics
 
Examples of Selecting Technology and Designing Architecture.pptx
byIntetics
 
Mobile app-monetization-intetics-2020
byIntetics
 
Visual delivery-reconstruction-for-international Finance Centre
byIntetics
 
Do not even try to be remote without these 6 principles!
byIntetics
 
The Startup Lifecycle: How to Win at Each Stage
byIntetics
 
How Centers of Excellence Can Change Your Business?
byIntetics
 
Machine Learning
byIntetics
 
Cloud computing infographics
byIntetics
 
Amazon Сloud Migration
byIntetics
 
IoT infographic
byIntetics
 
Robotic process automation (RPA) Infographic
byIntetics
 
Industry 4.0 infographic
byIntetics
 
Industry 4.0
byIntetics
 
A brief history of software development methodologies
byIntetics
 
Tetra technical debt reduction platform
byIntetics
 
The future of outsourcing in Belarus and Ukraine
byIntetics
 
A simple History of a Mobile Phone
byIntetics
 
TDD & BDD as efficient practices of software development
byIntetics
 
What is Quality Assurance and why do you need that?
byIntetics
 
20 Years of Software Development at Intetics Inc
byIntetics
 

Recently uploaded

PDF
Beyond Generative AI: Creating Demand for Compute in the 2030s
byReidar Wasenius
 
PDF
A 4-Terminal Approach to Validating Charge Conservation in MOSFET Compact Models
byEalwan Lee
 
PDF
NSSHOEU-J 4x35mm² Cable Specification.pdf
byAnhui Feichun Special Cable Co., Ltd.
 
PDF
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
PPTX
BioVault.net ADW 2025 CODATA: SyftBox: a General Purpose Solution for Data Vi...
byMadhava Jay
 
PPTX
UiPath Automation Suite Installation (Hands-On) [2/3]
bysuhanisingh58689
 
PDF
Application Monitoring and Observability: Elastic Stack Solution for Producti...
byPattabhi Amperayani
 
PDF
The Journey Is The Reward - Apple Maps Travel Companion
byJohn Andrews
 
PDF
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
PDF
Ask Me Anything About AI Assist: Practical Answers for Real Workflows
bySafe Software
 
PDF
UnityNet Digital Sovereignty Checklist 2025-10-13
byLHelferty
 
PDF
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
PDF
AGV PROTOCOL BRAND KIT COMPLETE VIEW.pdf
byfagbolade
 
PDF
Unlocking Full-Stack Observability for AIOps: A Precisely Ironstream for Big ...
byPrecisely
 
PDF
2025 October Patch Tuesday
byIvanti
 
PDF
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
PDF
NDP Act GAID Simplified: From Confusion to Compliance
byMuiz Adeleke
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
PDF
Dragino商品カタログ 2025.7 LoRaWAN・NB-IoT・LTE-M(LTE Cat.M1)対応センサーリスト
byCRI Japan, Inc.
 
Beyond Generative AI: Creating Demand for Compute in the 2030s
byReidar Wasenius
 
A 4-Terminal Approach to Validating Charge Conservation in MOSFET Compact Models
byEalwan Lee
 
NSSHOEU-J 4x35mm² Cable Specification.pdf
byAnhui Feichun Special Cable Co., Ltd.
 
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
BioVault.net ADW 2025 CODATA: SyftBox: a General Purpose Solution for Data Vi...
byMadhava Jay
 
UiPath Automation Suite Installation (Hands-On) [2/3]
bysuhanisingh58689
 
Application Monitoring and Observability: Elastic Stack Solution for Producti...
byPattabhi Amperayani
 
The Journey Is The Reward - Apple Maps Travel Companion
byJohn Andrews
 
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
Ask Me Anything About AI Assist: Practical Answers for Real Workflows
bySafe Software
 
UnityNet Digital Sovereignty Checklist 2025-10-13
byLHelferty
 
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
AGV PROTOCOL BRAND KIT COMPLETE VIEW.pdf
byfagbolade
 
Unlocking Full-Stack Observability for AIOps: A Precisely Ironstream for Big ...
byPrecisely
 
2025 October Patch Tuesday
byIvanti
 
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
NDP Act GAID Simplified: From Confusion to Compliance
byMuiz Adeleke
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
Dragino商品カタログ 2025.7 LoRaWAN・NB-IoT・LTE-M(LTE Cat.M1)対応センサーリスト
byCRI Japan, Inc.
 

Open source code

  • 1.
    Intetics Inc. www.intetics.com intetics@intetics.com Office: +1-239-217-4907 OpenSource Code In Product Development Best Practices And Risk Mitigation
  • 2.
    © Сopyright, 1995-20202 Modern software development involves the increased use of open source code 72% of organizations make non- commercial use of open source code and 55% use it for commercial product development But it’s crucial to make sure every component is well scrutinized before it’s integrated into your project Open source code in product development
  • 3.
    © Сopyright, 1995-20203 3 key problems related to the use of open source code Violation of license agreement for commercial uses Use of outdated open source components causing vulnerability risks Use of libraries without community support How to manage these issues?
  • 4.
    © Сopyright, 1995-20204 Problem 1 – Violation of license agreement for commercial uses Using unlicensed open source сode is unsafe. You might end up violating intellectual property rights or bringing security vulnerabilities and risks into your project, which can translate into financial and legal consequences.
  • 5.
    © Сopyright, 1995-20205 1 Document the use of all third-party resources on the project Although it requires time and resources, you get to know where all your open source elements come from. 2 Import libraries only after getting approval from the project tech lead Solution - Watch out for hidden inconsistencies
  • 6.
    © Сopyright, 1995-20206 Problem 2 – Use of libraries without community support A lot of open source code libraries might often fail to comply with security standards, work incorrectly with other open source components, be out-of-date or have no license at all.
  • 7.
    © Сopyright, 1995-20207 1 Start with scrutinizing the library component you need: сheck its license, source and version before you use it. 2 Try to only use libraries from official sites, and if possible, do not import code manually Solution - Check the origin of the libraries you use
  • 8.
    © Сopyright, 1995-2020 Problem3 – Use of outdated open source components causing vulnerability risks 91% of product development projects use outdated open source components, thus jeopardizing project security significantly. 82% of codebases have four-year-old parts and 88% have had no add-ons during the last two years. 8
  • 9.
    © Сopyright, 1995-20209 Solution - Track the software versions you use 1 Be sure the software you use is brand new and receives vendor support and upgrades In case you work with different frameworks, check that all libraries work together correctly. 2 Choose automated open source code assessment tools to verify the relevance of code elements A top-notch tool automatically tracks possible vulnerabilities in open source code and spots issues on time.
  • 10.
    © Сopyright, 1995-202010 Final recommendations Inventory your open source components Create policies for your development and legal teams to regulate every open source activity in the project Keep on auditing your open source code regularly to detect and troubleshoot issues on time Engage in open source communities
  • 11.
    © Сopyright, 1995-202011 TETRA Not confident about the product quality and wish to scrutinize your open source components? Go for a large-scale software project assessment! The TETRA platform can help you uncover technical debt and get an in-depth analysis of code quality, as well as useful ideas for solving your burning issues. TM
  • 12.
    12 Thank you! Intetics Inc. 10001Tamiami Trl N, Suite 114 Naples, Florida 34108 United States www.intetics.com intetics@intetics.com Office: +1-239-217-4907