NEW YORK - June 25, 2020 - According to the Information Security Forum (ISF), trusted resource for executives and board members on cyber security and risk management, open source software (OSS) is emerging as a core part of IT infrastructure and applications, largely due to the growing popularity of agile development methodologies and DevOps practices. With a substantial number of commercial and custom-made applications incorporating OSS, it cannot, and should not, be ignored.

In an effort to support global organizations, the ISF announces the release of Deploying Open Source Software: Challenges and Rewards, helping security professionals recognize the benefits and perceived challenges of using OSS and set up a program of protective measures to effectively manage OSS. OSS is often seen as being insecure and unsupported. As these negative connotations continue to taint its reputation, some organizations officially prohibit it, even though they may unknowingly be using OSS. Others enthusiastically adopt OSS, harnessing its advantages, such as aiding flexible and rapid development. The latest paper from the ISF demonstrates that OSS can be a positive influence on software development, if used and managed responsibly.

"Many organizations are adopting agile and DevOps methodologies, which is driving an increased uptake of OSS and, in turn, the creation of new mixed source applications," said Paul Holland, Principal Research Analyst, ISF. "The growing prevalence of OSS needs to be balanced by a concerted effort to manage its use appropriately and effectively. For some organizations, the first step is to realize that the myths surrounding OSS are simply illusions. For other organizations, the appeal of OSS and mixed source software is already apparent, allowing them to develop new applications securely and increase speed to market for new ideas."

With OSS becoming commonplace within organizations, it brings a different set of risks and perceived challenges compared to closed source (proprietary) software. Establishing the difference between the myth and the reality will be critical to securing OSS. As it becomes the mainstay within application development and infrastructure, security professionals will need to understand OSS and manage the challenges associated with its components. Fixes to these security challenges should be implemented as part of an OSS management program, led by a senior individual appointed to the role of OSS Program Manager. Integrating all these measures into a single, overarching program will enable a holistic and coordinated approach to managing the risks of OSS.

Deploying Open Source Software: Challenges and Rewards is available now via the ISF website (http://www.securityforum.org/).

Founded in 1989, the ISF is an independent, not-for-profit association of leading organizations from around the world. The ISF is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

Contact
John Kreuzer