Knowledge Tree
open-source software components
Also known as: open-source software components, open-source components
Facts (33)
Sources
Open source software best practices and supply chain risk ... - GOV.UK gov.uk Mar 3, 2025 13 facts
claimSoftware composition analysis (SCA) tools provide an inventory of all open-source components used in a project, including their versions and licenses, and identify known vulnerabilities in these components, effectively producing a Software Bill of Materials (SBOM) (Alvarenga, 2023a).
claimThe increase in open source software vulnerabilities is partly attributed to developers utilizing open source components for speed and convenience under time pressure without considering security implications.
claimDetermining which open source software components are used within a software application to enable continuous monitoring is a complex and time-consuming endeavor.
claimA Software Bill of Materials (SBOM) is a list of open source software components used in a software product, including their dependencies and associated licenses.
claimDevelopers are mainly concerned with the quality of the open-source component.
claimContinuous monitoring of the software supply chain is necessary to identify vulnerabilities, licensing issues, and new versions of open source software components, as the lack of such monitoring increases the risk of data breaches or security incidents.
claimThere is a lack of guidance on how to manage open-source software components in industries outside of highly regulated sectors, such as education.
quoteLarios Vargas et al. (2020) noted that the first factor taken into account when evaluating open source software components is the type of project.
claimBinary repository managers facilitate the caching of local copies of open-source components, ensuring that frequently used packages remain accessible even during downtimes of external repositories, which maintains continuous project development and operations.
claimCaching versions of all open-source software components safeguards against incidents like the 2016 'left-pad' debacle, where the withdrawal of a minor package from the npm package manager caused widespread failure in numerous projects.
quoteButler et al. (2022) stated that the approval process for using open source software components relies more on assessment and discretion than on strict, predefined criteria.
claimForking is the process of creating a new project based on an existing project, which allows for monitoring alterations in open-source components because a connection to the original repository is maintained.
claimBinary repository managers improve the management and visibility of open-source components within projects by distinguishing between approved third-party artefacts and those pending approval, and by allowing access to specific libraries to be excluded and limited (Wainstein, 2018).
Open Source Software: What is OSS? - Sonatype sonatype.com 4 facts
referenceSonatype Repository Firewall automatically blocks known malicious or suspicious open source components before they reach a development environment.
claimOpen source components are freely available, which reduces licensing costs and vendor lock-in, resulting in a lower total cost of ownership.
claimReusing well-maintained open source components allows teams to focus on building innovative features instead of reinventing common functionality, leading to a faster time to market.
claimOpen source components accelerate software development while introducing security and compliance risks that organizations must manage.
Understanding and Complying with Open Source Software Licenses lathropgpm.com 3 facts
claimIntellectual property due diligence during business transactions typically includes a review of all business-critical software components and their associated license terms, including open source components.
claimImplementing a vetted review and authorization process for using and integrating open source components allows organizations to identify compliance issues early and take remedial action.
procedureThe process for complying with open source license obligations involves two primary steps: (1) identifying and tracking all software use, including open source components, through methods such as soliciting feedback from departments or using third-party code scans (e.g., Black Duck), and (2) centrally compiling and reviewing all license terms to understand the business purpose for each component.
Archetypes of open-source business models | Electronic Markets link.springer.com Jun 14, 2022 2 facts
measurementMore than 90% of software products include open-source components, as reported by Allen (2012), Fitzgerald (2006), and Harutyunyan (2020).
claimFirms using the Open Innovation business model provide a wide range of developer and application boundary resources to enable easy adaptation and modification of open-source components.
Open-source software - Wikipedia en.wikipedia.org 2 facts
referenceThe paper "Considerations and challenges for the adoption of open source components in software-intensive businesses" by Simon Butler, Jonas Gamalielsson, Björn Lundell, Christoffer Brax, Anders Mattsson, Tomas Gustavsson, Jonas Feist, Bengt Kvarnström, and Erik Lönroth, published in the Journal of Systems and Software in 2022, analyzes the challenges of adopting open source components in business.
claimSoftware as a service (SaaS) products that are based on open-source components are becoming increasingly common.
Open Source Boosts Innovation in Software, Hardware and Beyond rdworldonline.com Mar 2, 2017 1 fact
claimProducts containing open source components can still be patented if the application of the patent is unique in nature.
Open Source Licenses: Definition, Types, and Comparison solutionshub.epam.com Feb 3, 2023 1 fact
procedureTo ensure license compliance when using open-source components, developers should verify the license attached to the software and confirm that the rest of their code is compatible with the conditions stated in that license.
What are Open Source Licenses and How Do They Work? blackduck.com 1 fact
claimSoftware composition analysis (SCA) is an automated tool that scans a codebase for open source components and code snippets to return a list of associated licenses, known vulnerabilities, and other information.
State of the Software Supply Chain Report | 10 Year Look - Sonatype sonatype.com 1 fact
claimThe software supply chain has evolved from a niche attack method into a significant cybersecurity threat over the past decade, driven by the interconnectedness of modern software ecosystems and increased reliance on open source components.
Software License Types Explained: Open and Closed Source sonatype.com Apr 26, 2023 1 fact
measurementOpen source components constitute up to 90% of modern software applications according to the State of the Software Supply Chain report.
Open Source Licensing Explained: A Comprehensive Guide - TuxCare tuxcare.com Oct 21, 2024 1 fact
claimPermissive licenses like MIT or Apache are often preferred in enterprise environments where proprietary solutions are developed alongside open source components.
Open-source license - Wikipedia en.wikipedia.org 1 fact
claimEngineers working on complex projects often rely on license management software to achieve compliance with the licensing terms of open-source components due to the high volume of software dependencies.
bureado/awesome-software-supply-chain-security - GitHub github.com 1 fact
referenceSonatype OSS Index is a free service that catalogs open source components and identifies known vulnerabilities, accessible via web and REST API.
Business model: Open Source - Learning Loop learningloop.io 1 fact
measurementApproximately 96% of all commercial software programs include open source components.