How OpenSSF Scorecards Can Help to Evaluate Open-Source Software Risks
1 min read
Aug 02, 2022
Everyone knows the phrase “software is eating the world” by Marc Andreessen from over a decade ago. Software powers and touches nearly every aspect of modern society, both personally and professionally, and is critical to the modern economy and national security.
It can also be said that open-source software (OSS) has eaten the software industry. The Linux Foundation and other groups have estimated that free and open-source software (FOSS) constitutes 70% to 90% of any modern software product. Not only is modern software largely composed of OSS components, but IT leaders are more likely to work with vendors who also contribute to the OSS community.
OSS use is rampant because of its flexibility, cost savings, innovation through community enabled projects, and arguably better security through more eyeballs on the code, especially for large OSS projects. That said, OSS comes with its own concerns, including Common Vulnerabilities and Exposures (CVEs) for affected code.
Related Articles
1 - 0 min read
Linux vs. Windows: A Critical Look at Desktop Choices
1 - 0 min read
Hacked VMs Reveal New Attack Risks
