Open source code is free and often comes with an attentive, passionate community of supporters, so many businesses are trying to utilize it as much as possible. Even better, open source seems to be on an upward trend of popularity; the majority of businesses are relying on at least some open source programs and components, and the number of open source components available is growing constantly.
However, if you’re considering utilizing an open source application for your business, or if you want to use an open source component in a project of your own, there are some important “dos” and “don’ts” to keep in mind.
A decade ago, no one talked about tail risk hedge funds, which were a minuscule niche of the market. However, today many large investors, including pension funds and other institutions, have mandates that require the inclusion of tail risk protection. In a recent interview with ValueWalk, Kris Sidial of tail risk fund Ambrus Group, a Read More
Don’t: Assume Open Source Is Always the Answer
There are literally billions of open source components, and millions of open source projects now available. It stands to reason that whatever application or function you’re looking for can probably be addressed by open source in some way. However, don’t automatically assume that open source components, or any one specific component is definitely the answer to your problem.
This boils down to a due diligence issue. No matter what, you’ll want to conduct independent research, review multiple different options, and consider those options carefully before moving forward.
Do: Maintain Open Source Compliance
If you’re going to use open source software or individual components, you’ll need to think carefully about your open source compliance. There are several important components to this process. For starters, you’ll need some way to make sure that you’re following the licensing obligations for each of your open source software components. For example, you’ll need to make sure that each open source component you use is authorized for commercial use. You’ll also need to determine whether there are special steps you’ll need to take to ensure your compliance with these licenses, like crediting the creators.
Additionally, you’ll want to work internally to determine which types of open source software and components your business can use. Ultimately, you’ll need to create a full open source compliance policy, which identifies:
- Whitelisted open source licenses, which can be used freely within your organization.
- Blacklisted open source licenses, which can never be used within your organization.
- Licenses that require approval to be used, as well as formal documentation of that approval process.
There are more than 200 open source licenses to consider, and 70 approved by the OSI. Many of these will fit your business’s goals and vision, but some will not. You need to be able to identify which are which.
Don’t: Use Open Source Without a Vulnerability Management Plan
Open source components tend to be reliable, since they’re often maintained by an entire community of developers. However, like any software component, they’re occasionally prone to vulnerabilities.
For businesses, this often presents a cascading problem; if you’re using an open source component with many dependencies, a vulnerability could jeopardize the integrity of your entire system if you don’t act fast. And if you’re using many different open source components, it’s ridiculously hard to keep track of all their updates, announced vulnerabilities, patches, and new versions.
Accordingly, you’ll need to have some kind of vulnerability management plan in place. For most businesses, that means utilizing some kind of automatic, continuous scanning method to identify open source components and analyze them for potential vulnerabilities.
Do: Engage With the Community
Open source software development is founded on strong community ties. Developers contribute knowledge and information to each other, make recommendations, and help each other out when utilizing open source components. If you want to get the most out of your open source components, and improve your reputation simultaneously, go out of your way to engage with the community. Volunteer new information when you can, help other developers who are struggling with implementation, and stay tuned to the latest updates.
Do: Create Forks and Experiment
Most open source component licenses allow you to freely create your own forks and alternative versions, so feel free to experiment. Instead of using open source software right out of the box, make adjustments so it fits closer with your business’s vision and needs. And if you make a critical advancement, consider sharing it with the community, or at least sharing the insights you gleaned along the way.
There’s almost no limit to what you can do with open source software and open source components. And in the future, open source is going to become even more popular—which means the possibilities are going to expand even further. Make sure you fully understand the strengths and weaknesses of open source components, and have plans in place to account for their potential vulnerabilities. If you manage them effectively, they can save your business a lot of money, and help you develop much more robust, functional products.