Open Source Insights are vital to ensure you have secure, current and compliant software

In other articles like Open Source Consulting we have spoken about the importance of understanding your Open Source software estate through our Open Source Insights. In essence, you need to know:

  • What pieces of Open Source software you are using
  • How secure and current these components are
  • How they are licensed

Many companies, particularly those that don’t necessarily write their own software, may not consider their Open Source exposure – but you really cannot afford to ignore it anymore. If you write your own software, or consume other companies’ software, you are almost certainly using some form of Open Source software. Think of the widely publicized Log4j vulnerabilities of 2021. These impacted everything from Minecraft (Important Message: Security vulnerability in Java Edition | Minecraft) to a great deal of enterprise software (2021-007: Log4j vulnerability – advice and mitigations | Cyber.gov.au and Google Online Security Blog: Understanding the Impact of Apache Log4j Vulnerability (googleblog.com)). You would need to know your exposure quickly so you could work out which software and vendors you needed to contact. And in the case of Minecraft and Log4j, this was the golden moment in every developer’s or security professional’s life where you get to explain what you do to your child who plays Minecraft, and why they need to update their game!

Our Open Source Insights give you these vital pieces of knowledge

When Thought Source conducts an Open Source scan we identify which of the components you are using are Open Source. Our Open Source Insights let you know how your software is composed: what components are used, how those components are licensed, and how many security issues they carry.

Importantly, we also sort the wheat from the chaff, so to speak, by telling you which issues are the most important to focus on first.
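To make the three questions above (which components, how secure and current, how licensed) and the prioritisation step concrete, here is a small added example in Python. It is not Thought Source's scanning code; it is a toy software-composition check over a constructed lockfile excerpt, a constructed advisory list (the ADV-000x identifiers are placeholders, not real advisories) and a constructed license inventory with a simple allow-list policy. A real scan would pull advisories and license metadata from live sources, but the shape of the output, a component inventory with findings ranked by severity, is the same.

```python
"""Toy software-composition check: inventory, vulnerability and license review.

Added example, not Thought Source's code. Every package name, version,
advisory and license below is constructed for illustration only.
"""
from dataclasses import dataclass, field

# Constructed lockfile excerpt, pip-style "name==version" pins.
LOCKFILE = """\
# constructed sample, not a real project
acme-logger==2.14.1
fastjson-lite==1.2.0
widget-utils==0.9.3
crypto-helper==3.1.0
"""

# Constructed advisory feed: (package, first fixed version, severity, score, summary).
# A component is affected when its pinned version is below the first fixed version.
ADVISORIES = [
    ("acme-logger", "2.15.0", "critical", 10.0, "ADV-0001 (placeholder): code execution via log lookup"),
    ("widget-utils", "1.0.0", "low", 3.1, "ADV-0002 (placeholder): crash on malformed input"),
    ("crypto-helper", "3.0.0", "high", 8.1, "ADV-0003 (placeholder): weak default key size"),
]

# Constructed license inventory and a simple organisational allow-list.
LICENSES = {
    "acme-logger": "Apache-2.0",
    "fastjson-lite": "AGPL-3.0",
    "widget-utils": "MIT",
    "crypto-helper": "BSD-3-Clause",
}
ALLOWED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}

# Lower rank means more urgent; used to "sort the wheat from the chaff".
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    kind: str        # "vulnerability" or "license"
    package: str
    version: str
    severity: str
    score: float     # CVSS-style score for vulnerabilities, 0.0 for license findings
    detail: str = field(default="")


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))


def parse_lockfile(text):
    """Build the component inventory: {package: pinned version}."""
    components = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, version = line.split("==", 1)
        components[name] = version
    return components


def assess(components, advisories=ADVISORIES, licenses=LICENSES, allowed=ALLOWED_LICENSES):
    """Return findings for the inventory, most urgent first."""
    findings = []
    for pkg, fixed_in, severity, score, summary in advisories:
        if pkg in components and parse_version(components[pkg]) < parse_version(fixed_in):
            findings.append(Finding("vulnerability", pkg, components[pkg], severity, score,
                                    f"{summary}; fixed in {fixed_in}"))
    for pkg, version in components.items():
        lic = licenses.get(pkg, "UNKNOWN")
        if lic not in allowed:
            # Unknown or non-allow-listed licenses are flagged for review, not blocked outright.
            findings.append(Finding("license", pkg, version, "medium", 0.0,
                                    f"license {lic} is not on the allow-list"))
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], -f.score))


def summarize(findings):
    """Count findings per severity so a reader sees the headline numbers first."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    inventory = parse_lockfile(LOCKFILE)
    results = assess(inventory)
    print("components:", len(inventory), "| findings by severity:", summarize(results))
    for f in results:
        print(f"[{f.severity:8}] {f.kind:13} {f.package}=={f.version}: {f.detail}")
```

Note that crypto-helper produces no finding: its pinned 3.1.0 is not below the fixed version 3.0.0, which is exactly the "how current" question answered per component. The AGPL-3.0 component is ranked above the low-severity crash but below the critical code-execution issue, reflecting a deliberate policy choice rather than anything inherent to the license.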

What our customers have liked

Our customers are always blown away when we have completed an Open Source scan. We find components with unusual licenses and components with security issues. There is always something, and sometimes it is a component you didn’t realize was being used.

What does a scan look like?

We have been asked many times over the years to show a sample of what the scans look like. We have created a sample showing some of our Open Source dashboards for a few common Open Source projects at Open Source Scan Visualizer. Log in with your favorite social login.

Let us know if you have a favorite open source project you would like us to scan and include! Take a look and let us know what you think. The login link is Open Source Scan Visualizer.

Our privacy terms apply (you can find them at Privacy Policy), which means we might contact you via the email address you log in with, but your data will not go any further than that.


Contact us now to discuss doing an Open Source analysis of your products

INTRODUCING

THE TECHNICAL DUE DILIGENCE SHOW

The Thought Source team have produced a video series covering the "behind the scenes" of performing technical due diligence for M&A projects.