For the most part, modern software is assembled, not written. More than
90 percent of a typical software application is composed of third-party
components, most of which are open source. Custom business logic comprises
the remaining 10 percent. This massive reliance on open source components
has created new challenges for managing software security, quality and
intellectual property. Organizations that rely on custom software are
increasingly seeking visibility and control to manage risk and maximize
benefit. But to properly manage open source components, you must know as
much as possible about them—starting with precisely identifying them.
Security, quality and licensing information is of little use if you
haven't precisely identified the component you are using. And, without
both accurate and actionable component information, developers are not
able to make the right component selection from the start. This paper
addresses the pros and cons of various methods used in open source risk
management/governance/logistics solutions and how they impact your
efficiency and accuracy.