TechStrong Con: Open Source Software Community Needs Security Help

By: Mike Vizard on June 24, 2022

The only way to make significant improvements in the state of open source security is if more organizations that benefit from open source projects commit to making more resources available to achieve that goal.

At the virtual TechStrong Con event, executives on an Open Source and DevOps panel called for more contributions from enterprise IT organizations to ensure the integrity of open source software.

Organizations of all sizes now benefit from open source software whether directly or indirectly. Those organizations have a responsibility to participate in the development of that software in any way they can, said Jeffrey Barnes, senior software engineer for Remote Operations, a provider of medical transcription services. “We need to give back to the community,” he said.

Those efforts don’t necessarily have to involve contributing actual code, added Barnes. Many open source projects are in need of documentation and testing help because the number of actual maintainers of the project is relatively small, he noted.

The challenge is that many enterprise IT organizations don’t understand how to participate in open source software development processes, noted Tom Sweet, CIO for Industrial Refrigeration Pros. An organization might download a piece of open source software and then extend it. Rather than continuing to maintain that branch on their own, organizations should contribute that code back to the project to reduce maintainers’ overall IT burden, Sweet said.

“Many organizations are struggling to contribute back,” said Sweet. “It’s an evolution.”

Organizations clearly need to make contributing code back to open source software projects a natural extension of their DevOps workflows. In the meantime, the Open Source Security Foundation (OpenSSF), an arm of the Linux Foundation, is focusing on 10 streams of investment that, in total, would require more than $150 million in funding to drive greater adoption of DevSecOps best practices among maintainers of open source software projects.

The core issue is that many of those projects are maintained by a small number of programmers who voluntarily contribute their time and effort to build components that others are free to use. Like any other developers, those individuals have a limited amount of security expertise. The onus for making sure the projects and software are secure is on the organizations that decide to deploy that software.

Unfortunately, many IT vendors and large enterprise IT organizations reuse that code without contributing anything meaningful back to the project—whether that be in terms of financing or helping open source maintainers find and remediate vulnerabilities.

It’s not clear to what degree business and IT leaders realize how dependent their organizations actually are on open source software. Many of them assume that open source projects are supported by IT vendors when, in reality, there are many projects that are dependent on the efforts of a small handful of developers volunteering their time and skills.

Many organizations, of course, may soon decide not to employ open source software if it doesn’t have a critical mass of developers working on it. However, in an era where DevOps teams and developers routinely download software, enforcing those policies is going to be problematic. The best thing enterprise IT organizations can do is engage with the open source software community more rather than less.
