Open source software may have hidden costs, such as maintenance, support, security, and compliance. Users and contributors need to be aware of the total cost of ownership and the implications of using different licenses.
Large amounts of code in a project slow down development and reduce developer effectiveness because complexity has to be managed. The larger a codebase, the more bugs and vulnerabilities it will contain.
“Measuring programming progress by lines of code is like measuring aircraft building progress by weight.” - Bill Gates
Using open source software can often reduce Codebase Risk since it hands off the maintenance of portions of the codebase to third parties. However, this doesn't mean that using open source code is risk-free. Codebase Risk in the form of vulnerabilities and functional mismatch still exists.
Codebase Risk is a risk caused by having a large, complex codebase to manage. - Complexity Risk, Risk First
Example: Technical debt refers to the cost of maintaining and updating existing code over time.
Example: The risk of owning too much code is commonly referred to as Codebase Bloat. This occurs when a codebase becomes large and unwieldy, making it difficult to maintain, modify, or scale.
Risk Management Activities
Software inventory is a precondition to most of the activities involved in OSMM level 2. The first step to licence compliance or supply chain security is to understand what software is in your estate.
Making The Case For Contribution
Organisational change can be very hard to achieve since organisations are naturally protective of themselves and the status quo. Setting up an OSPO and beginning an open source journey will seem like a risky and dangerous proposition for many parts of an organisation.
Open Source Supply Chain Security Testing
THIS IS A PLACEHOLDER