Posted by David Znidarsic on January 19, 2018
Do you allow a supplier’s goods and services to be acquired and used by your employees without the approval of your management? Certainly not any more. You’ve probably spent years applying better governance around the acquisitions made by shadow IT.
However, even before the emergence of shadow IT, your engineers were already making acquisitions from ungoverned suppliers: open source software authors.
Shadow IT mostly acquires compute and storage resources for internal use, but “shadow engineering” has been exposing your customers to ungoverned intellectual property by using open source software in your products.
Even though there are no subscription, licensing, or maintenance fees charged by these authors, their effects on your products are significant.
Just as shadow IT has helped organizations be more efficient and elastic, shadow engineering has done the same, but you must better govern what shadow engineering is acquiring.
David Znidarsic is the founder and president of Stairstep Consulting, where he provides intellectual property consultation services including IP forensics, M&A diligence, information security management, open source usage management, and license management. Learn more about David and Stairstep Consulting at www.stairstepconsulting.com.