How to develop a defensive plan for your open-source software project
Open-source software is becoming increasingly popular. Recent research by Forrester Research found that the open-source model is now pre-eminent in application development and that custom-written code now often constitutes only 10 to 20 percent of most applications. As the open-source model becomes a de facto standard for developers, concerns about its security have become more prominent. As CIO stated back in 2017, “the speed of open source deployment by enterprises everywhere puts software security into question.” This debate has resurfaced perennially over the past decade, with various commentators claiming either that open source is more secure than proprietary code or less so. In reality, open-source code can be made as secure as the most rigorously developed proprietary code, but to achieve this, developers need to put in place an equally rigorous defensive plan. This is critical not only for preventing security weaknesses i...