Open-source advocacy persists among IT leadership, despite encountering occasional security issues
In the ever-evolving landscape of software development, open source solutions have become a staple for many enterprises. According to an analysis by Wiz and EY, Log4j, a common dependency for numerous enterprise users, is found in over 90% of all cloud environments.
This widespread use of Log4j, a Java-based logging framework, highlights the significance of open source software in the enterprise. However, it also underscores a potential risk: enterprise users may unknowingly have vulnerabilities in their dependencies, which can pose problems once they deploy open source software.
To mitigate this risk, Software Bill of Materials (SBOMs) have emerged as a crucial tool. SBOMs enable the maintenance of a database of dependencies across open source software deployments, providing a comprehensive view of the software components used in an organisation's infrastructure.
With the move to open source not slowing down, IT leaders expect their share of proprietary software in use in their organisations to drop from 45% to 37% over the next two years. This shift is particularly noticeable in emerging technology workloads associated with artificial intelligence, edge computing, and containers.
The advantages of enterprise open source are manifold. The top security benefits include the ability to use well-tested code, the presence of well-documented security patches, and the prompt availability of patches when a vulnerability is found. When a vulnerability is discovered, IT leaders can search their SBOM database, see which software products are affected, plan a patch strategy, and assess if any vendors have been slow to respond.
However, SBOMs are not without their challenges. For instance, in theory an SBOM only changes when the underlying product changes. A new SBOM after a major software release makes sense, but it would be difficult for vendors to release a new SBOM every time a vulnerability is patched.
Moreover, the use of one dependency may necessitate the use of another, so attention must extend to transitive dependencies: the components used by the components you are using. This intricate web of dependencies can create pockets of software that users need to be aware of in order to manage vulnerabilities effectively.
Despite these challenges, open source software continues to gain traction in the enterprise at the expense of proprietary software. In fact, 89% of IT leaders surveyed believe open source software is as secure or more secure than proprietary software. This positive sentiment towards enterprise open source has grown over the past decade, with more than three-quarters of respondents saying they have a more positive perception of enterprise open source than they did a decade ago.
The May 2021 executive order from President Biden further emphasises the importance of SBOMs. The order requires software vendors contracting with the federal government to provide a software bill of materials (SBOM).
As the use of open source software in the enterprise continues to grow, it is essential to structure SBOMs as a tree that maps which dependencies are related to which, so that an SBOM is more useful in practice. This will help enterprises navigate the complex world of open source dependencies more effectively, ensuring a secure and efficient development life cycle.
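As an added example (not from the article or the survey it reports), the search the article describes over an SBOM organised as a dependency tree: a constructed, minimal CycloneDX-style SBOM with a small dependency graph, and a walk from a vulnerable component back to every product that pulls it in transitively. The component refs, names and versions are invented.

```python
import json
from collections import defaultdict, deque

# Constructed SBOM using a small subset of the CycloneDX JSON layout:
# "components" lists the packages, "dependencies" records which ref depends on which.
SBOM_JSON = """{
 "bomFormat": "CycloneDX", "specVersion": "1.5",
 "components": [
  {"bom-ref": "app-billing", "name": "billing-service", "version": "3.2.0"},
  {"bom-ref": "app-reports", "name": "reporting-ui", "version": "1.4.1"},
  {"bom-ref": "lib-search", "name": "search-client", "version": "2.0.0"},
  {"bom-ref": "lib-log4j", "name": "log4j-core", "version": "2.14.1"},
  {"bom-ref": "lib-json", "name": "json-parser", "version": "5.1.0"}
 ],
 "dependencies": [
  {"ref": "app-billing", "dependsOn": ["lib-search", "lib-json"]},
  {"ref": "app-reports", "dependsOn": ["lib-json"]},
  {"ref": "lib-search", "dependsOn": ["lib-log4j"]},
  {"ref": "lib-log4j", "dependsOn": []},
  {"ref": "lib-json", "dependsOn": []}
 ]
}"""

def load_graph(sbom_text):
    """Return (ref -> 'name@version', child ref -> [parent refs])."""
    sbom = json.loads(sbom_text)
    names = {c["bom-ref"]: f'{c["name"]}@{c["version"]}' for c in sbom["components"]}
    reverse = defaultdict(list)  # edges inverted so we can walk from a library upwards
    for dep in sbom["dependencies"]:
        for child in dep.get("dependsOn", []):
            reverse[child].append(dep["ref"])
    return names, reverse

def affected_products(sbom_text, vulnerable_ref):
    """Map each top-level product (a ref nothing depends on) that reaches
    vulnerable_ref, directly or transitively, to one dependency path."""
    names, reverse = load_graph(sbom_text)
    found, seen = {}, {vulnerable_ref}
    queue = deque([(vulnerable_ref, [vulnerable_ref])])
    while queue:
        node, path = queue.popleft()
        parents = reverse.get(node, [])
        if not parents and node != vulnerable_ref:  # reached a root: a deployed product
            found[node] = [names[r] for r in reversed(path)]
        for parent in parents:
            if parent not in seen:  # each ref visited once, so cycles cannot loop
                seen.add(parent)
                queue.append((parent, path + [parent]))
    return found

if __name__ == "__main__":
    for product, path in affected_products(SBOM_JSON, "lib-log4j").items():
        print(product, " -> ".join(path))
```

Running the block lists billing-service as affected through search-client, while reporting-ui is not, which is exactly the transitive case the article says a flat SBOM would hide.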