A study conducted by the Synopsys Center for Open Source Research and Innovation found that enterprise software now consists of more than 90 percent open source code, and businesses are taking notice. The State of Enterprise Open Source study by Red Hat confirmed that “95 percent of respondents say open source is strategically important” for organizations. Making code widely available has changed how software is built, with more code reuse and deeper, more complex dependency trees, but not without introducing security and compliance concerns. Open source projects, like all software, can have vulnerabilities. They can also be targeted by malicious actors who try to inject vulnerabilities into open source code so that they propagate downstream, an attack on the software supply chain. These threats expose your organization to additional risk.
At GitHub, we see security as an issue we need to address as a community: one that affects all software, regardless of how much proprietary code it contains. Similarly, a safe and healthy open source community isn’t just good for open-source software. It also benefits the millions of businesses that depend on it.