The vast majority of code in modern applications is made up of open-source components. This allows developers to focus on value-generating features and not on scaffolding and foundations. The challenge is that this scaffolding is not free like a lunch. It’s free like a puppy. That means that not only should you be careful in your selection, but that you must also be prepared to give it care and feeding. Learn how to create good habits around the usage of open-source software. This talk will provide actionable guidance for responsible use of open-source software.
- How careful are you in your component selection?
- Actively maintained
- Robustly supported
- Do you keep track of what you’re using?
- Provide a BOM to downstream consumers
- Maintain a current risk profile
- What if a new CVE is announced?
- Have you provided for regular maintenance?
- Components age like milk, not wine
- Policy for component drift
- Comprehensive automated testing to allow for quick updates