Nowadays, software development without Free and Open Source Software (FOSS) is difficult to imagine. Using open-source software enables companies to significantly lower license and development costs in infrastructure and software development. On the other hand, relying on FOSS entails business risks which must be considered and mitigated: license obligations, as well as security and compliance aspects, are just some examples that could cost dearly if neglected.
To meet the requirements for compliant handling of open-source software, the following steps should be taken:
An up-to-date inventory of deployed FOSS components is also crucial for managing security vulnerabilities. Many companies were affected by serious security vulnerabilities in FOSS components, for example the Heartbleed vulnerability, a serious bug in some versions of OpenSSL that put protected information at risk for everyone still running those outdated versions of the software. Only those who knew exactly which version of OpenSSL was used, and in which products, were able to react quickly and protect their software.
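The Heartbleed case above is exactly the query a component inventory has to answer: "which of our products ship a version of this component inside the affected range?" The following script is an added illustration, not code from BearingPoint or from the original article. It walks a constructed inventory (the product names and versions are made-up sample data) and flags entries whose OpenSSL version falls within the Heartbleed-affected range of 1.0.1 through 1.0.1f (1.0.1g was the fixed release). The version parser handles the old-style OpenSSL scheme in which patch releases append a letter, so that 1.0.1 sorts before 1.0.1a and 1.0.1f before 1.0.1g.

```python
import re

# Constructed sample inventory: one row per product and bundled component.
# In practice this would come from an SBOM or a component-scanning tool.
INVENTORY = [
    {"product": "gateway-appliance", "component": "openssl", "version": "1.0.1e"},
    {"product": "billing-service",   "component": "openssl", "version": "1.0.1g"},
    {"product": "legacy-portal",     "component": "openssl", "version": "0.9.8y"},
    {"product": "mobile-backend",    "component": "openssl", "version": "1.0.1"},
    {"product": "reporting-tool",    "component": "zlib",    "version": "1.2.8"},
]

# Heartbleed affected OpenSSL 1.0.1 up to and including 1.0.1f.
HEARTBLEED_RANGE = {"component": "openssl", "first": "1.0.1", "last": "1.0.1f"}

# Old-style OpenSSL versions: major.minor.patch followed by optional letters.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def parse_version(version):
    """Turn '1.0.1f' into a tuple that compares correctly: (1, 0, 1, (6,))."""
    match = VERSION_RE.match(version)
    if not match:
        raise ValueError(f"unrecognised OpenSSL version string: {version!r}")
    major, minor, patch, letters = match.groups()
    # No letter suffix ranks lowest, then a, b, c ... so 1.0.1 < 1.0.1a < 1.0.1f.
    letter_rank = tuple(ord(c) - ord("a") + 1 for c in letters)
    return (int(major), int(minor), int(patch), letter_rank)


def is_affected(version, first, last):
    """True if version lies inside the inclusive range [first, last]."""
    return parse_version(first) <= parse_version(version) <= parse_version(last)


def affected_products(inventory, component, first, last):
    """Return the sorted product names that bundle an affected version of component."""
    return sorted(
        entry["product"]
        for entry in inventory
        if entry["component"] == component
        and is_affected(entry["version"], first, last)
    )


if __name__ == "__main__":
    hits = affected_products(INVENTORY, **HEARTBLEED_RANGE)
    for product in hits:
        print(f"PATCH NEEDED: {product}")
```

Run against the sample data, the script reports gateway-appliance (1.0.1e) and mobile-backend (1.0.1) and stays silent on billing-service (already on 1.0.1g) and legacy-portal (0.9.8 branch, never affected). The point is less the script than the data it depends on: without an accurate, version-exact inventory there is nothing to query when the next advisory lands.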
Open Source Management is complex and requires specialized knowledge. It is especially difficult for those companies for which software creation is not part of their core business. The alternative here is outsourcing the FOSS management to a service provider. BearingPoint provides such an option with a highly specialized team focused on compliance and risk mitigation. The BearingPoint FOSS compliance services are highly standardized and are deployed in a multitude of business situations, companies, and markets.
Like every technology, FOSS is widely used and brings many advantages to the development process, but it must be handled with due care to gain real value from it and avoid legal and security issues. Only in this way does FOSS become a friend of companies and help them focus on innovation and customer value.