Open source code
The good, the bad and the ‘could get ugly’

There is no doubt that open source code is a good thing. Its use is vast, and it now forms the basis on which many applications are developed, delivered and deployed.

The good

For the new generation of developers, starting from open source is the norm, and the corporate world is also benefiting from the efficiencies it brings: savings in development time and cost, faster time to market, and technology that is continually pushed forward.

The bad

Despite the positives, open source code still brings challenges. A vulnerability can be introduced or disclosed in any component at any point in its life, and that creates risk for every application that includes it. Being able to keep track of which components have been used, at which version and in which applications, is essential: without that inventory you cannot tell which applications need an update when a risky component is identified, nor remediate it without degrading application performance.

Yet in a 2016 survey on the ‘Future of Open Source’ from Black Duck Software, the results showed that “Development of best-in-class open source security and management practices has not kept pace with growth in adoption”, and that 47% of companies using open source code had no formal process for tracking it, which limits their visibility and consequently their ability to control it once it is in use.
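The tracking process described above, in miniature, as an added example (not code from the original page or from JAR:TestLab): it builds an inventory of which open source component is used at which version in which application, then matches that inventory against a list of advisories to produce the remediation list. The two application manifests and the three advisories are constructed sample data (the advisory identifiers and version ranges are hypothetical, not real CVEs), and versions are assumed to be plain dotted integers. Note how an unpinned dependency is reported separately: an inventory cannot assess what it cannot identify, which is exactly the visibility gap the survey figure points to.

```python
"""Inventory open source components and match them against advisories.

Added example: hypothetical manifests and advisories, not real CVE data.
Assumes versions are dotted integers (e.g. 2.19.0); pre-release suffixes
such as 1.0rc1 are out of scope for this illustration.
"""


def parse_version(version):
    """Turn '2.19.0' into (2, 19, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def parse_requirements(text):
    """Parse 'name==1.2.3' lines into {name: version}.

    Comments and blank lines are ignored. A line with no '==' pin is kept
    with version None so the gap is visible rather than silently dropped.
    """
    components = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        components[name.strip().lower()] = version.strip() or None
    return components


# Constructed manifests for two hypothetical in-house applications.
MANIFESTS = {
    "billing-api": "requests==2.19.0\nflask==1.0.2\n",
    "reporting-job": (
        "requests==2.20.0\n"
        "jinja2==2.10\n"
        "urllib3  # not pinned\n"
        "markdown==3.0\n"
    ),
}

# Constructed advisories (hypothetical IDs and ranges, not real CVEs).
# A version is affected if introduced <= version < fixed.
ADVISORIES = [
    {"id": "ADV-0001", "name": "requests", "introduced": "2.0.0", "fixed": "2.20.0"},
    {"id": "ADV-0002", "name": "jinja2", "introduced": "2.0", "fixed": "2.10.1"},
    {"id": "ADV-0003", "name": "urllib3", "introduced": "1.0", "fixed": "1.24.2"},
]


def build_inventory(manifests):
    """Map component name -> {application: version}: what is used where."""
    inventory = {}
    for app, text in manifests.items():
        for name, version in parse_requirements(text).items():
            inventory.setdefault(name, {})[app] = version
    return inventory


def is_affected(version, advisory):
    """True when version lies inside the advisory's affected range."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def find_remediations(inventory, advisories):
    """Return sorted (advisory id, component, application, current, action) tuples.

    Unpinned components cannot be assessed, so they are reported with an
    action to pin and re-check rather than being silently skipped.
    """
    findings = []
    for adv in advisories:
        for app, version in inventory.get(adv["name"], {}).items():
            if version is None:
                action = "pin a version and re-check against %s" % adv["fixed"]
                findings.append((adv["id"], adv["name"], app, "unpinned", action))
            elif is_affected(version, adv):
                action = "upgrade to %s" % adv["fixed"]
                findings.append((adv["id"], adv["name"], app, version, action))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_remediations(build_inventory(MANIFESTS), ADVISORIES):
        print("%s: %s in %s (%s): %s" % finding)
```

Run as a script it lists three findings: requests 2.19.0 in billing-api to upgrade, jinja2 2.10 in reporting-job to upgrade, and urllib3 in reporting-job to pin before it can be assessed; requests 2.20.0 in reporting-job is already at the fixed version and is not reported.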

The ‘could get ugly’

Testing any application is essential prior to deployment. When open source code is used in development, however, it is important to remember the additional risk it brings, both from known vulnerabilities and from the fact that the code itself may be untested.

It cannot be assumed that open source code has been tested, or, even if it has, that it will continue to work once it has been modified. Add the updates and patches issued sporadically to address risky components, and testing has to become a continual process in order to gain confidence that the application will work every time. The smallest code change can alter the performance of an application, and when the changes are not controlled or edited in-house, testing may be the only way to gain confidence in that performance.

Try before you buy: sign up for a free trial of JAR:TestLab to load and functionality test your application.

Load and functionality test your application, then monitor it, all from within one application.