
Unmanaged Open Source Software Creates Risks

March 01, 2017



The technology world is rapidly moving away from proprietary, legacy software development toward the open source model, driven by the cloud, the services and subscription-based pricing trend and a need for interoperability. But open source does not equal free, and in fact the whole notion of open source software (OSS) and development is somewhat cloudy and confusing.

A prime example of this confusion is Oracle’s recent move to enforce commercial terms on customers who were under the impression they were using free Java software. A recent blog post from Flexera Software, a company specializing in software licensing and monetization strategies, discusses why the open source concept is so confusing and how the problem can be addressed. According to Jeff Luszcz, VP of product management at Flexera, many customers using Java believe the software is free, which is a misconception.

“The confusion lies with Java Standard Edition, available for download from Oracle’s website,” writes Luszcz. “If you only want to write a Java application, feel ‘free.’ The problem arises if you install that application on hundreds of desktops, requiring Microsoft Windows Installer Enterprise JRE Installer – which is NOT free to use… And it does not stop there. There are additional parts and editions of Java that are not free either.”

The Oracle Java confusion is merely one example of open source murkiness, but it points to the larger problem of unmanaged OSS. Very simply, when an open source component is built into a commercial software product without being tracked, the product at a minimum risks violating the component’s license, and in the worst case ships a component with a known security vulnerability that nobody is watching. The sheer amount of unmanaged OSS in use today is threatening the integrity of the entire software supply chain.

The solution is proper tracking, management and monitoring of OSS and third-party components. Since just about every open source component comes with a license or some sort of governance, businesses are obligated to ensure they are meeting usage requirements and need a software licensing management offering to stay on top of this. OSS license compliance management education must also be part of any IT and technology strategy, and senior managers need to be informed about license compliance requirements along with the need for security and other updates.

Some companies are forming Open Source Review Boards (OSRBs), comprised of technical, legal, IT and management personnel, to address OSS compliance requirements and security. A Software Composition Analysis (SCA) tool is also useful for discovering and managing the OSS and third-party components in use. This type of solution can also automate vulnerability alerting: once the inventory of components and versions is known, it can be matched continuously against published advisories.
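To make the two checks described above concrete, here is a small added example (not Flexera’s or any product’s code) of what a minimal composition check does: it takes a component inventory, applies a license policy for a proprietary product, and matches versions against an advisory feed. The inventory, license labels, policy and advisories are all constructed sample data.

```python
"""Minimal software-composition check over a constructed component inventory."""
from dataclasses import dataclass
import re

@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str      # license identifier as recorded in the inventory

# Constructed inventory; a real tool derives this from lock files or an SBOM.
INVENTORY = [
    Component("vendor-jre-enterprise-installer", "8.0", "Commercial"),
    Component("libfoo", "1.2.0", "MIT"),
    Component("libbar", "0.9.1", "GPL-3.0-only"),
    Component("libbaz", "2.4.7", "Apache-2.0"),
]

# Constructed policy for a proprietary, redistributed product.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}
COMMERCIAL_TERMS = {"Commercial"}     # usable only under a paid agreement

# Constructed advisory feed: (component, first fixed version, advisory id).
ADVISORIES = [("libbar", "1.0.0", "ADV-EXAMPLE-0001"),
              ("libbaz", "2.4.0", "ADV-EXAMPLE-0002")]

def parse_version(v):
    """Dotted numeric versions only; anything else is treated as unknown."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        return None
    return tuple(int(p) for p in v.split("."))

def license_issue(c):
    if c.license in COMMERCIAL_TERMS:
        return "commercial-terms-required"
    if c.license not in ALLOWED_LICENSES:
        return "license-not-allowed"
    return None

def vulnerability_issues(c):
    """Flag a component whose version is older than an advisory's fixed version."""
    issues = []
    have = parse_version(c.version)
    for name, fixed, adv in ADVISORIES:
        if name != c.name:
            continue
        fixed_v = parse_version(fixed)
        if have is None or fixed_v is None:
            issues.append(f"needs-review:{adv}")   # cannot compare, escalate
        elif have < fixed_v:
            issues.append(f"vulnerable:{adv}")
    return issues

def audit(inventory):
    """Return {component name: [issues]} for every component with a finding."""
    findings = {}
    for c in inventory:
        issues = [i for i in [license_issue(c)] if i] + vulnerability_issues(c)
        if issues:
            findings[c.name] = issues
    return findings
```

Run `audit(INVENTORY)` to see the commercial component, the GPL component and its out-of-date version each reported with a distinct reason.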

OSS software is not always free, as the Oracle Java conundrum illustrates, and it is most definitely not free of obligation. Businesses using OSS and third-party components are responsible for staying on top of licensing compliance requirements in order for the software model to succeed. Failure to do so can lead to security vulnerabilities and fraud, putting businesses at risk and negating all the financial benefits of using OSS in the first place.




Edited by Maurice Nagle

