
SMEs and startups must make open source security a collective responsibility


Enterprises of all sizes have begun accelerating the adoption of digital tools, such as open source software, to ensure business agility and resilience while adapting to the new normal. In fact, the trend started a year ago: in 2019, almost 70 per cent of the Global Fortune 50 companies made contributions to open source.

Despite numerous well-documented case studies on the successful and effective adoption of open source to develop secure code, outdated perceptions surrounding the aspects of its security still exist.

Red Hat’s recent report found perceived security issues to be a barrier preventing the adoption of enterprise open source across businesses in Asia Pacific, with 34 per cent of APAC respondents indicating the security of code as a key concern.

On the contrary, one of the main differentiators of open source software is its approach to security. Open source combines the smartest minds in the developer, maintainer and security worlds to identify and fix vulnerabilities, while ensuring transparency throughout the software development lifecycle, making security a collective responsibility.

Businesses are making the switch

Today, 99 per cent of all software projects are developed using open source. The most progressive enterprises have turned to open source to help them create innovative software solutions, faster. Businesses can reduce resources allocated to developing competitive products by building on open source components that have been proven to be secure.

This is especially important for small and medium-sized enterprises (SMEs) and startups who are looking to scale up or break into the international market.


Enterprises have traditionally relied heavily on security researchers to uncover, report and fix vulnerabilities in their code. But code security research is a specialist skill and the demand for researchers far outweighs the supply, so much so that security researchers are on average outnumbered 500:1 when compared to developers.

Moreover, with the increase in the APAC cybersecurity talent workforce gap, surpassing the two million mark in 2019, it is clear that a change in the approach is needed.

Make security a collective responsibility

Open source development platforms encourage users to take on a collective responsibility when developing and maintaining secure code. On GitHub alone, more than 7.6 million security alerts were remediated in 2019 by developers, maintainers, and security researchers across the community.

By adopting a ‘shift-left’ approach to security, developers are empowered to continually check for vulnerabilities as part of the development and testing phase.

With the appropriate tools, developers can leverage automated code scanning technology to uncover and fix vulnerabilities in the early stages of the software development lifecycle, ensuring a seamless transition into production and a developer-first approach to security.

With the growing number of members in the Open Source Security Foundation (OpenSSF), alongside research groups such as our own GitHub Security Lab, open source code is more securable than proprietary software. These initiatives bring together industry experts and leaders with a common goal: to help the community improve the security of open source software. Organisations have come together to commit time, resources and expertise to finding and reporting vulnerabilities in open source, building new and improved security tooling, and developing secure best practices for everyone.


Open source security benefits for SMEs and startups

By bringing together an extensive pool of talent to identify and fix security vulnerabilities in code, open source projects see vulnerabilities fixed and updates released much faster than proprietary software.

Open source development platforms are also evolving to support this collaborative approach to building secure code and are updating and releasing new tools to expand security research capabilities.

Features from automated detection and remediation, to those that enable the tracking of emerging security vulnerabilities, have been incorporated into these platforms to identify threats and facilitate proactive prevention.

GitHub, for example, is a Common Vulnerabilities and Exposures (CVE) numbering authority and is authorised to assign CVE identification numbers to code. This capability allows maintainers and the wider community to coordinate their efforts to prioritise and address newly discovered vulnerabilities effectively.

Create the right ecosystem to develop secure code

SME and startup leaders need to understand the fundamentals of secure coding and implement its best practices to minimise security breaches. If these practices are followed diligently, everyone in a business will have a role to play in ensuring that no vulnerabilities are left unchecked and unresolved, enhancing both the quality and security of code.

For this to happen, code must be secure throughout the entire software development lifecycle. Achieving this requires the right tools to enhance security from the ground up.

Identifying the appropriate platform and applying the best practices will go a long way in strengthening the overall security infrastructure across the open source ecosystem, generating more robust code for everyone.


Open source has revolutionised software development, and created an interconnected community of developers that is deeply collaborative and extends across the globe.

Securing the world’s code must be a collective responsibility because a safe and healthy open source community isn’t just good for open source, it benefits the millions of critical technologies that depend on it.


Image Credit: Roman Synkevych on Unsplash

The post SMEs and startups must make open source security a collective responsibility appeared first on e27.