Open source has long been an integral part of how software teams build software, but most of us are still not leveraging all the benefits the open source community has to offer, because we are not engaging with it effectively.
Most companies, knowingly or not, are passing up a golden opportunity to improve their software products and reduce their security and quality risks. Here is how you can harness the power of the open source community for the sake of your software.
The first thing you need to know is that if your team is integrating open source components into your product, then you are part of the community. Period. It doesn’t matter if you are also providing feedback or contributing your own projects back to the community.
Why is that?
If you are using an open source component in your software, then you’d like to know if someone else found a bug or a security vulnerability in it. You’d like to know if a new version was released that improves performance or adds new capabilities. You basically want to learn from the other companies and individuals using this very same component and apply their feedback to your software.
You might have heard of the management principle ‘Joy’s law.’ The principle states that no matter who you are or where you’re working, most of the smartest people are working somewhere else (meaning not for you).
The open source community can actually ‘make them’ work for you as it helps different companies and individuals work together and learn from each other’s experience, therefore benefiting from the ‘smartest people working elsewhere’.
So if the open source community is offering a golden opportunity in the form of gaining from other people’s experience, why are most companies giving up this advantage? The problem is that the average software product contains hundreds of open source components and continuously monitoring these components is almost impossible.
This is basically the goal of our company, WhiteSource. We developed a technology that continuously scans multiple sources (repositories, advisories, forums, issue trackers and more) and updates our database with the community’s feedback in real time. This includes license information, vulnerabilities and bugs, remediation suggestions and even quality scoring based on popularity, commits and issue fixes.
Building the largest database of open source components, with all the relevant information on each one, aggregates the feedback of almost the entire community. This provides a much-needed solution for companies and people using open source: they can be alerted to new feedback concerning the specific version they use, which helps them make educated decisions about updating or replacing open source components.
It really is in an organization’s best interests to engage with the open source community at large and invite contributions to its software projects. After all, as the saying goes, ‘two heads are better than one.’ And I can tell you one thing for sure: the open source community has a whole load of skilled and dedicated people who are ready, willing and able to contribute to an open source project that makes them feel welcomed and valued, and that they can benefit from.