Open source software is increasingly being used, especially by startups, to reduce costs and shorten software development time. As there are no license costs associated with open source, it is attractive to startups.
According to GitHub, it had 73 million users in 2021. Of these, 7.2 million users are from India, which stands a close third behind the USA (13.5 million users) and China (7.6 million users). By 2023, GitHub expects 10 million Indian developers on its platform.
Open source is beneficial, but it has its shortcomings. Most code bases contain at least one vulnerability. In terms of maintenance, most code bases are more than four years out of date.
Open source security has made considerable advances. Still, code bases contain high-risk vulnerabilities and outdated versions of open source components, and steps to fix them are taken only after they are detected.
To overcome these shortcomings, it is necessary to use a Software Bill of Materials (SBOM) that spells out a complete inventory of the code base: open source components, their versions, and known vulnerabilities. An SBOM helps to determine whether any outdated or insecure code is in use. Secondly, though it is difficult to track and patch vulnerabilities manually, automated scanning can be used to detect and patch them. Thirdly, organisations must incorporate security right from the start of the development process; this is called Shift Left. A developer must follow secure coding practices at every step of development.
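The following is an added example, not code from the article, showing how an SBOM is used for the two checks described above: matching components against known vulnerabilities and flagging components that are years behind their current release. The SBOM fragment follows the CycloneDX JSON shape, but every component name, version, release date and advisory id (`VULN-EXAMPLE-…`) is a constructed placeholder, and the advisory feed and release metadata are assumed inputs that a real pipeline would fetch from a vulnerability database and package registry.

```python
"""Minimal SBOM check: known-vulnerable and outdated components.

Added example, not part of the original article. All component names,
versions, dates and advisory ids below are constructed placeholders.
Assumes dotted numeric versions only (e.g. "1.2.0").
"""
import json
from datetime import date

# Constructed SBOM fragment in a CycloneDX-like JSON shape (placeholder components).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "examplelib", "version": "1.2.0"},
    {"type": "library", "name": "oldparser", "version": "0.9.1"},
    {"type": "library", "name": "netutil", "version": "3.4.2"}
  ]
}
"""

# Constructed advisory feed: component name -> advisories with the first fixed version.
ADVISORIES = {
    "examplelib": [{"id": "VULN-EXAMPLE-0001", "fixed_in": "1.3.0"}],
    "oldparser": [{"id": "VULN-EXAMPLE-0002", "fixed_in": "1.0.0"}],
}

# Constructed registry metadata: latest release per component and release dates per version.
LATEST = {"examplelib": "1.3.1", "oldparser": "1.1.0", "netutil": "3.4.2"}
RELEASE_DATES = {
    ("examplelib", "1.2.0"): date(2020, 9, 1),
    ("examplelib", "1.3.1"): date(2021, 6, 1),
    ("oldparser", "0.9.1"): date(2016, 11, 20),
    ("oldparser", "1.1.0"): date(2021, 3, 15),
    ("netutil", "3.4.2"): date(2021, 1, 10),
}


def parse_version(version):
    """Turn '1.2.0' into (1, 2, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def load_components(sbom_text):
    """Return (name, version) pairs from the SBOM's component list."""
    bom = json.loads(sbom_text)
    return [(c["name"], c["version"]) for c in bom.get("components", [])]


def find_vulnerable(components, advisories):
    """Match each component against advisories; a component is affected
    if its version is below the advisory's first fixed version."""
    findings = []
    for name, version in components:
        for adv in advisories.get(name, []):
            if parse_version(version) < parse_version(adv["fixed_in"]):
                findings.append(
                    {"name": name, "version": version,
                     "advisory": adv["id"], "fixed_in": adv["fixed_in"]}
                )
    return findings


def find_outdated(components, latest, release_dates, max_age_years=4):
    """Flag components behind their latest release, and mark as 'stale'
    those whose pinned version is more than max_age_years behind."""
    outdated = []
    for name, version in components:
        newest = latest.get(name)
        if newest is None or parse_version(version) >= parse_version(newest):
            continue
        used_date = release_dates[(name, version)]
        newest_date = release_dates[(name, newest)]
        years_behind = (newest_date - used_date).days / 365.25
        outdated.append(
            {"name": name, "version": version, "latest": newest,
             "years_behind": round(years_behind, 2),
             "stale": years_behind > max_age_years}
        )
    return outdated


def sbom_report(sbom_text=SBOM_JSON):
    """Run both checks over one SBOM and return the combined result."""
    components = load_components(sbom_text)
    return {
        "vulnerable": find_vulnerable(components, ADVISORIES),
        "outdated": find_outdated(components, LATEST, RELEASE_DATES),
    }


if __name__ == "__main__":
    print(json.dumps(sbom_report(), indent=2, default=str))
```

Both checks are driven entirely by the inventory, which is the point of keeping an SBOM: once components and versions are machine-readable, the same report can be regenerated on every build (the "automated scanning" the article refers to) instead of being assembled by hand, and a component that is both behind and affected by an advisory shows up in both lists.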