
Open Source and the Software Supply Chain: A Look at Risks vs. Rewards

Published: March 01, 2013 04:52


For most of its history, software has been written: applications consisted primarily of custom-developed code and internally developed components, with only a small fraction of code sourced from outside the organization. Development efforts followed a “waterfall” methodology, and projects spanned months or even years. The widespread use of cloud-based infrastructures and the rise of open-source technologies during the past decade have heavily influenced the software development landscape, with startups and established organizations alike demanding increased flexibility and improved time to value in the way software is developed and delivered. As a result, modern software development and the resulting software supply chain have become increasingly component-based: applications are assembled from existing components rather than written from scratch. Enterprise applications today are typically built using 75% to 80% open source components [1], with custom code comprising the rest. So, what does today’s software development landscape look like, and what are the risks to the software supply chain?

CrossTalk
