close search bar

Sorry, not available in this language yet

close language selection

Open Source Policies and Risks

Course Description

The use of open source code in modern applications is constantly rising. Open source software brings numerous advantages, including speeding development and minimizing costs. But there are also significant risks to using open source in terms of security vulnerabilities, licensing, and compliance.

In this course, we present the most widely used open source licenses and explain the obligations they entail for users. We explain how these licenses can be used correctly and how to avoid license conflicts. We also analyze the security risks of open source software and how vulnerabilities can be found and dealt with. Finally, we analyze the steps that need to be taken to build a corporate open source policy that will govern the use of open source software throughout the organization. Building an open source policy is essential in order to minimize both license and security risks.

Learning Objectives

  • Understand widely used open source licenses
  • Understand on the obligations they bring
  • Understand how to use the most well-known open source licenses
  • Understand the security risks of using open source code and how they can be mitigated
  • Build a corporate policy on the use of open source software in an organization

Details

Delivery Format: eLearning

Duration: 1 hour

Level: Beginner

Intended Audience

  • Architect
  • Back-End Developer
  • Front-End Developer
  • Enterprise Developer
  • Mobile Developer
  • QA Engineer

Prerequisites

Course Outline

Introduction
  • Benefits of Using Open Source
  • Risks
  • Impact from Non-Compliance with Licenses

Open Source Licenses

  • Open Source License Categories
  • GNU GPL
  • GPL Variants
  • Apache
  • MIT
  • BSD
  • Mozilla Public License

Using Open Source Licenses Correctly

  • How to Use GPL Licenses Correctly
  • Steps to GPL Compliance
  • Using Other Open Source Licenses
  • Components with Multiple Licenses
  • Re-Licensing
  • Dual Licensing

Security Risks of Open Source Software

  • Vulnerabilities and Open Source Software 
  • Security Risks
  • Minimizing Security Risks in Open Source Software 
  • Finding and Patching Vulnerabilities 
  • Software Composition Analysis Tools
  • Choosing a SSCA Tool

Building an Open Source Policy

  • Governance and Strategy
  • Putting Together a Team
  • Essential Components
  • Sourcing and Selection
  • Support and Maintenance
  • Contributions
  • Creating a New Open Source Project
  • Approval Process
  • Auditing 

Summary

  • Governance and Management of Open Source
  • Handling License and Compliance Risks
  • Handling Security Risks

Conclusion: To Use or Not to Use Open Source Software

 

Training

Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster