Open Source Software Benefits Far Outweigh Risks: Interview With VP of Security Strategy at Black Duck Software

Marie Dodson, February 2, 2017

Open source software (OSS) provides overwhelming benefits to digital technologists, developers, and marketers today, providing them with a faster, more affordable time to market and seamless integration with other software.

While the proliferation of open source over the years has resulted in more secure, stable software, skepticism around its overall security still remains. There are risks involved in using any software, open source or commercial. With open source, not only are there ways to mitigate risk, but the extensive benefits of using OSS greatly outweigh any uncertainty.

We talked to Michael Pittenger, VP of Security Strategy at Black Duck Software to learn more about the state of open source security.

“There are going to be bugs in software whether you write it yourself or whether you’re using open source,” Pittenger told Velocitize.

Risk can be significantly reduced by understanding the overall hygiene of the open source code being used. Pittenger recommends gaining a thorough understanding of the historical security profile of the platform as well as the state of the community that surrounds it.

Historical security profiles can help in the overall risk assessment associated with a specific open source project. “You may choose to switch from one open source platform to a similar project with a better security track record, but often that will be a function of how much digging developers have done,” said Pittenger.

For that reason, it’s critical to practice due diligence when selecting open source software. “Understand the code you’re using and the overall threat space because security can change over night,” Pittenger said.

More established OSS, such as WordPress, is among the more secure open source applications available. Moreover, through paid managed services, users can further mitigate risk thanks to a number of proactive security measures taken by service providers, including automatic security updates.

Auto-updates aren’t possible, however, in systems that use pieces of open source code across different components of their software. Pittenger explained that this is because there are often no clear processes in place to identify exactly where the code is being used and whether it needs updating. Moreover, because other components are involved, updated code must also be tested for compatibility.

To minimize risk, Pittenger recommends having a policy in order to monitor open source code for updates and a process in place to triage issues as they arise. This can either be through internal processes or by leveraging open-source management software to monitor applications and containers.

“The concerns around open-source security are going to be business based,” Pittenger said. “This means that if you are a bank you’re going to be worried about vulnerabilities that might allow someone to access customer information. If you’re Twitter, you might be more concerned about bugs that are going to impact availability.”

Think about your business objectives and what you’re trying to achieve, Pittenger recommended. This will enable you to identify the technical implications you’re most concerned about.

“Different vulnerabilities have different technical impacts,” Pittenger said. “Then there are some code bases you won’t worry about at all…there may be vulnerabilities you ignore because you’re willing to absorb that level of risk,” he said. “There may be applications you don’t test because they’re not doing anything business-critical or they’re not managing any information that isn’t already public.”
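The process Pittenger describes above, inventory the open source components in use, check them against known advisories, then triage by the business impact you actually care about, as an added example in Python. This is not code from the article or from Black Duck; the manifest, advisory feed, and business profiles are constructed for illustration.

```python
"""Minimal software-composition triage pass (constructed example).
Inventories pinned components, matches them against an advisory feed,
and ranks hits by the impact class the business prioritises."""

# Constructed manifest in requirements.txt style: component==version
MANIFEST = """\
flask==1.0.2
requests==2.19.0
leftpad-clone==0.3.1
"""

# Constructed advisory feed (ids are placeholders, not real advisories).
# "impact" is the technical impact class the article distinguishes:
# confidentiality (data exposure) versus availability (denial of service).
ADVISORIES = [
    {"id": "ADV-CONSTRUCTED-1", "component": "requests", "fixed_in": "2.20.0", "impact": "confidentiality"},
    {"id": "ADV-CONSTRUCTED-2", "component": "flask", "fixed_in": "1.0.3", "impact": "availability"},
]

# Business profiles (assumed weights): a bank weighs confidentiality first, a
# high-traffic service weighs availability first, and a site holding only
# public data accepts confidentiality risk outright (weight 0 = accepted risk).
PRIORITIES = {
    "bank": {"confidentiality": 3, "availability": 2},
    "social": {"availability": 3, "confidentiality": 2},
    "public_site": {"availability": 2, "confidentiality": 0},
}

def parse_version(v):
    """Turn '1.0.2' into (1, 0, 2) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))

def inventory(manifest):
    """Return {component: version} from pinned 'name==version' lines."""
    comps = {}
    for line in manifest.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, ver = line.split("==", 1)
        comps[name.strip().lower()] = ver.strip()
    return comps

def find_vulnerable(comps, advisories):
    """Hits where the installed version is below the advisory's fixed version."""
    hits = []
    for adv in advisories:
        ver = comps.get(adv["component"])
        if ver and parse_version(ver) < parse_version(adv["fixed_in"]):
            hits.append({**adv, "installed": ver})
    return hits

def triage(hits, business):
    """Drop accepted-risk impact classes, then rank by this business's weights."""
    weights = PRIORITIES[business]
    kept = [h for h in hits if weights.get(h["impact"], 0) > 0]
    return sorted(kept, key=lambda h: -weights[h["impact"]])
```

Running `triage(find_vulnerable(inventory(MANIFEST), ADVISORIES), "bank")` puts the confidentiality advisory first, while the `public_site` profile drops it entirely, mirroring the “absorb that level of risk” decision in the interview.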

The benefits outweigh the risk.

The Black Duck 2016 Future of Open Source Survey found that use of OSS increased in 65 percent of companies in 2016 vs. 60 percent in 2015. Not only that, but companies are starting to see more value in open source, with 67 percent participating in open source to squash bugs or add functionality and 59 percent participating to gain a competitive edge.

Companies recognize the tremendous value of open source in terms of lowering development costs and accelerating time to market.

“If a third of the average commercial application is open-source, then you just saved somebody a third of its development time,[…] If you decide to build that all yourself, then it’s going to cost you 50 percent more,” said Pittenger.

While cutting costs is important, OSS users are finding that the advantages go beyond affordability.

“Five years ago, Black Duck realized that the primary motivator for using open source was not cost… they recognize it’s not cost free — you still have to learn to use it, and there’s cost for support — whether you’re buying it or doing it yourself. […] They’re using it now because it adds value,” he said.

Pittenger stated that security issues don’t come into play that much when determining whether or not they should use open source.

“People understand the risk, just as they understand the risks associated with the cloud… And the benefits far outweigh the risks,” Pittenger said.

Marie Dodson

Marie is passionate about WordPress, technology, and open source.
