Trend Micro -
In alignment with the acceleration of digital transformation, the use of open source code components is exploding thanks to the speed, flexibility, extensibility, and quality they offer application development teams. The sacrifice, however, is an expanded attack surface with new risks like increased legal and intellectual property exposures.
Open source software innately falls under intellectual property protections, specifically copyright laws. Once a developer uses open source software in their application build, their organization is obligated to meet any terms or conditions specified in the associated license. This is why many organizations that are further along in their cloud migration have specific open source legal resources on retainer or on staff.
So why aren’t more businesses keeping a closer eye on their application development team’s use of open source components and risk mitigation? Let’s look at some scenarios.
I am assured my organization’s dev teams are not using open source code extensively, what’s the big deal with open source licenses?
Well, simply put, if an organization releases an application containing open source software without meeting the requirements of the license, they are committing intellectual property infringement and are legally liable. According to Snyk, at least 80% of any given application is