This assumption could not be further from the truth.
Open source contributors are some of the most dedicated and knowledgeable programmers in the world.
Some open source software is so complex it takes literal rocket scientists to build.
This assumption also runs counter to one of the defining aspects of the open source community, its passion.
Who is responsible for open source security?
Who is to blame when vulnerabilities are discovered?
These questions have no clear answer, except perhaps that the responsibility belongs to everybody.
In fact, Sonatype data has shown that 96% of downloaded OSS components with a vulnerability already have a fix.
Despite these efforts from the OSS community, there is an element of risk.
Utilizing open source components means accepting responsibility for that risk.
This principle has become even more important as software supply chains have become intertwined and more complicated.
There are methods that developers should be using to mitigate the level of risk they face, especially given the multitude of components and projects their teams work on.
Simply having this information is not enough to safeguard your company, though; it must be acted upon.
Slow is smooth and smooth is fast
A pervasive myth around cybersecurity is that prioritizing security slows down development.
Confirming that it is very possible to do both.
Now, this might seem counterintuitive until you stop and think about it.
The companies only focused on speed don’t get the luxury of ignoring problems at the scale of Log4Shell.
They still have to deal with those problems, but they are entirely unprepared to do so.
This is an absolute performance killer.
They've accepted what they believe is a realistic cost and dismissed the possibility of both.
Rather, the open source community is an incredibly talented, dedicated group of individuals.
The projects they share shape the backbone of many technologies we use daily.
Developers need to fully understand every element of the products they build and, with automation, they can.
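What that automation looks like in practice is the part the article leaves out. The following is an added illustration, not code from the article or from Sonatype: it matches a component inventory of the kind an SBOM tool emits against an advisory feed, reports which affected components already have a fix (the 96% case above), separates out the ones that do not, and returns a non-zero status so a build pipeline can refuse to ship until the available fixes are applied. The package names, versions and advisories are constructed for the example and describe no real vulnerabilities.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str       # first affected version (inclusive)
    fixed: Optional[str]  # first fixed version, or None when no fix is published yet


# Constructed sample data (hypothetical package names, not real CVEs):
# a minimal component inventory and a minimal advisory feed.
INVENTORY = {
    "libparse": "2.3.1",
    "fastjson-lite": "1.0.4",
    "netutil": "0.9.0",
    "logfmt": "3.2.0",
}

ADVISORIES = [
    Advisory("libparse", introduced="2.0.0", fixed="2.3.2"),
    Advisory("netutil", introduced="0.8.0", fixed=None),
    Advisory("logfmt", introduced="3.0.0", fixed="3.1.5"),
]


def parse_version(version: str) -> tuple:
    """Turn a dotted numeric version string into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))


def is_affected(installed: str, adv: Advisory) -> bool:
    """True when the installed version lies in [introduced, fixed).

    With no fixed version the affected range has no upper bound.
    """
    cur = parse_version(installed)
    if cur < parse_version(adv.introduced):
        return False
    if adv.fixed is not None and cur >= parse_version(adv.fixed):
        return False
    return True


def audit(inventory: dict, advisories: list) -> list:
    """Match the inventory against the feed; one finding per affected component."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv.package)
        if installed is None or not is_affected(installed, adv):
            continue
        action = (f"upgrade to {adv.fixed}" if adv.fixed
                  else "no fix published; track and mitigate")
        findings.append({
            "package": adv.package,
            "installed": installed,
            "fixed": adv.fixed,
            "action": action,
        })
    return findings


def ci_gate(findings: list) -> int:
    """Pipeline exit status: 1 when any finding has a fix that has not been applied."""
    return 1 if any(f["fixed"] for f in findings) else 0


if __name__ == "__main__":
    results = audit(INVENTORY, ADVISORIES)
    for f in results:
        print(f"{f['package']} {f['installed']}: {f['action']}")
    raise SystemExit(ci_gate(results))
```

The gate deliberately fails the build only on findings with a published fix: those are the ones the team can act on today, while components with no fix yet still surface in the report so they can be tracked and mitigated rather than silently accepted.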
Speed and security are not opposite approaches; they can happily coexist.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.