Managing the Risks of Open-Source Software

Paul Wade

Open-source software is a critical part of what powers businesses, and the world at large. A vast number of the latest technologies are built on it, and it has increasingly become the preferred tool of IT professionals across industries. The impact of open source is immense: a study done by Harvard Business School estimated that the demand-side value of this kind of software comes in at nearly $8.8 trillion.

But open source does not come without risk, a reality made all too real by the recent compromise of the heavily used ‘xz’, a freely available and highly depended-on piece of open-source code that countless individuals and organizations rely on to compress data so it takes up less space. Attacks like these are happening more and more, and according to research from Synopsys, 74% of the codebases it assessed had high-risk vulnerabilities, up from 48% in the previous year. An effective response is essential.

For those of us in the mainframe world, the imperative is to act now and ensure the mainframe systems we depend on are protected. When it comes to something as foundational as open source, there are steps you can take to boost security and prevent disaster. Here’s how.

Spotting the Gaps in Open Source, and How to Close Them

For mainframe developers leveraging IBM zSystems®, open source has been a huge catalyst for modernizing systems and enhancing operations. But if they rely on unsupported open-source languages and tools, they risk falling out of compliance with critical security guidelines and standards. At a time when regulations surrounding data privacy, breaches, and data security are constantly evolving, failing to keep open-source use in check can have consequences that bring serious disruption and undue costs to businesses.

To address those risks head-on, organizations need a technology partner they can trust: one with deep expertise and a set of solutions purpose-built to help ensure any open source that is used remains secure. For example, let’s look at Rocket® Open AppDev for Z. This solution makes it easier to bring applications to market faster and at a lower cost. It also reduces security risks and compliance lapses by offering users over 20 open-source languages and tools, all of which have been thoroughly tested, scanned and certified to run on z/OS®, while providing access to the most recent versions and CVE fixes.

These solutions are also continuously kept up to date with the latest updates from the NIST National Vulnerability Database, ensuring organizations are adequately prepared for any potential threat. Likewise, the solutions are scanned for security vulnerabilities and for conformance to proper open-source licensing before being released. Solutions like these are a crucial piece of the puzzle for businesses looking to spot security gaps, providing the flexibility and robust monitoring needed to act before an attack happens.

Balancing Security in Open Source

Open-source software is here to stay, which means understanding how and when it should be used should be a top priority for every organization. By identifying where security gaps persist and quickly addressing them, businesses can fuel broader digital transformation and modernization initiatives without inviting undue risk into the equation.

It’s a daunting task, but nonetheless, an important one. As I reflect on the impact of open source, I leave you with a short poem I wrote:

In the world of code, where freedom reigns,
Open-source flows through our veins.
Git, Perl, and Curl, they build our day,
Yet contributions seem so far away.

We thrive on the work of the unseen few,
Whose passion and skill create the new.
But without our support, their light may dim,
The future uncertain, prospects slim.

Imagine the strength in a unified stand,
With companies lending a helping hand.
Invest in the tools that power our trade,
For a brighter tomorrow, foundations laid.

So, let’s join together, for the greater good,
Supporting open source, as we should.
For in giving back, we all shall gain,
A stronger community, free from strain.

Learn more about how Rocket Software can help your organization adopt and leverage open-source software.