Like everything else in the field of Information Technology, open source code has grown and evolved over the years.
In short, more and more companies are using open source code. They’re using open source components from a variety of different places, and they’re incorporating it more into their software products.
The reason is simple: open source code is free. As a result, it reduces an organization’s development costs, which increases its profitability.
However, while open source code can increase a company’s bottom line, it can increase that company’s security risk, as well.
That’s the conclusion drawn by a recent report by Black Duck Software titled, “The State of Open Source Security in Commercial Applications.” (Black Duck Software is a privately held software company headquartered in Burlington, Massachusetts that specializes in assisting companies to secure and manage their use of open source software.)
The report was based on an analysis of 200 software applications that researchers viewed over a six-month period. Below are some of the report’s major findings:
- Ninety-five percent (95%) of the software applications included open source code components.
- Sixty-seven percent (67%) of the open source components had unpatched vulnerabilities.
- Approximately 40% of the vulnerabilities qualified as “high severity.”
- Each software application contained an average of 105 open source components and 22 vulnerabilities.
So what’s the problem? The problem is that there are NO automatic patches for these vulnerabilities. The companies using the open source code that contains these vulnerabilities are solely responsible for finding them and patching them.
As a result, there are four things that organizations must do better:
- Be aware of what open source code their software applications contain
- Identify the vulnerabilities associated with that code
- Formulate a system for patching those vulnerabilities
- Create a process for managing their open source vulnerabilities going forward
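As an added illustration of those four steps, here is a small software-composition check written for this page (it is not code from Black Duck, the report, or any vendor tool). It takes an inventory of pinned components, matches it against a list of advisories, orders the findings by severity with the fixed version to move to, and produces the same kind of counts the report quotes. The component names, version numbers, advisory ids and severities are constructed sample data, not real packages or advisories.

```python
"""Minimal open source component check covering the four steps above.

All component names, versions and advisory ids below are constructed
placeholders for this example, not real packages or advisories.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    version: str


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # placeholder id, constructed for this example
    component: str
    affected_below: str   # versions strictly below this are affected
    fixed_in: str         # first version that carries the patch
    severity: str         # "high", "medium" or "low"


def parse_version(text: str) -> tuple:
    """Turn '1.2.0' into (1, 2, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def parse_manifest(text: str) -> list:
    """Step 1: know what you ship. Reads 'name==version' lines (requirements style)."""
    components = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            # an unpinned component cannot be checked against an advisory
            raise ValueError(f"unpinned component: {line!r}")
        components.append(Component(name.strip().lower(), version.strip()))
    return components


def find_vulnerable(components: list, advisories: list) -> list:
    """Step 2: identify the advisories that apply to the pinned versions."""
    findings = []
    for comp in components:
        for adv in advisories:
            if adv.component == comp.name and \
                    parse_version(comp.version) < parse_version(adv.affected_below):
                findings.append((comp, adv))
    return findings


def patch_plan(findings: list) -> list:
    """Step 3: order work by severity and name the version that closes each finding."""
    rank = {"high": 0, "medium": 1, "low": 2}
    ordered = sorted(findings, key=lambda f: (rank[f[1].severity], f[0].name))
    return [(c.name, c.version, a.advisory_id, a.severity, a.fixed_in)
            for c, a in ordered]


def summarize(components: list, findings: list) -> dict:
    """Step 4: the numbers an ongoing process tracks per application."""
    high = sum(1 for _, adv in findings if adv.severity == "high")
    return {"components": len(components),
            "vulnerabilities": len(findings),
            "high_severity": high}


# Constructed sample inventory (not a real application manifest).
SAMPLE_MANIFEST = """
libfoo==1.2.0
libbar==3.4.1
libbaz==0.9.0   # pinned below its first stable release
libqux==2.0.0
"""

# Constructed sample advisories (placeholder ids, not real CVEs).
SAMPLE_ADVISORIES = [
    Advisory("EXAMPLE-0001", "libfoo", "1.3.0", "1.3.0", "high"),
    Advisory("EXAMPLE-0002", "libbar", "3.4.0", "3.4.0", "medium"),
    Advisory("EXAMPLE-0003", "libbaz", "1.0.0", "1.0.0", "low"),
    Advisory("EXAMPLE-0004", "libfoo", "1.2.1", "1.2.1", "medium"),
]


def run_check(manifest_text: str = SAMPLE_MANIFEST, advisories: list = SAMPLE_ADVISORIES):
    """Run all four steps and return (patch plan, summary)."""
    components = parse_manifest(manifest_text)
    findings = find_vulnerable(components, advisories)
    return patch_plan(findings), summarize(components, findings)


if __name__ == "__main__":
    plan, totals = run_check()
    for name, version, adv_id, severity, fixed in plan:
        print(f"{severity:6} {name}=={version}  {adv_id}  upgrade to {fixed}")
    print(totals)
```

On the sample data, libbar at 3.4.1 is already on the patched side of its advisory, while libfoo at 1.2.0 is hit by two advisories and shows up first in the plan because one of them is high severity. The "affected below / fixed in" shape is deliberately simple; real advisory feeds carry version ranges with several boundaries, so the comparison is the part to extend when wiring this to a real source.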
This means that open source code is a great source of employment opportunities!
Organizations need employees that can help them successfully navigate open source practices in relation to their software applications. More importantly, they’re willing to compensate those employees quite well for doing so.
Are you looking for a new employment opportunity—in the field of open source code or otherwise? If so, then it’s time to start your job search by contacting The Doepker Group!