Today, developers leverage more than 50% of open source (OSS) in their proprietary applications. The benefits of open source use are faster time to market, enhanced innovation, lower cost, and more flexibility. In this environment, security vulnerabilities, data breaches and potential compliance lawsuits are very real possibilities without the proper due diligence.
The technology landscape makes available many options for code re-use and redistribution. Developers nowadays often don't need to write code from scratch; a simple Google search or GitHub browse will yield hundreds of potential open source solutions. However, what's lacking is a real understanding of open source licensing and risks when incorporating "free-range" code into proprietary and commercial software. "Open source" does not mean "license free" or "free to use." The impact of non-compliant use of open source software usually hits a company's bottom line. For example, incorporating code snippets from a General Public License (GPL) source into a proprietary code base may contaminate the entire code base and cost millions to clean up and/or potentially risk losing core intellectual property.
So the key question becomes, how do I begin to understand what is in my code and the associated risks?
In this webinar, we will answer those questions and cover:
Ethan Le is currently the Director of WW Professional Services for Revenera's Software Composition Analysis (SCA) group. He is responsible for driving Revenera SCA's ever-growing services team performing baseline & M&A audits, training and implementation for more than 200 customers. Before joining Revenera, he developed and ran Cisco's M&A open source due diligence process. With over a decade of experience in the open source space, on both the audit producer and consumer sides, Ethan is well versed in helping clients understand and remediate open source risks.