Open Source Code Compilation Risk

Last Updated : 10 May, 2021

Why Should You Care About Open Source?
Using open source code exposes you to the following risks:

  1.  Licensing and Compliance Risk
  2.  Security Risk
  3.  Business and Operational Risk
  4.  Remediation Risk

Licensing and Compliance Risk:

  • Breach of licenses -
    Automatic termination since no materiality/cure period: Breach of licenses means you are using code from an unauthorized party, which may introduce various security breaches into your system and so carries the risk of leaking data. In such a scenario an organization does not need any special agreement for termination; it will automatically terminate the employee for breaching security through the violation.
  • Copyright infringement -
    Copyright infringement means that your source code has been copied from a source that licensed its code not to be used anywhere else. Every organization takes this very seriously, because a copyright claim from anyone can lead to many adverse consequences for an organization, such as a heavy penalty.
  • ‘Viral’ infection of proprietary code -
    This means the code we are bringing in must not contain any statement that creates a loophole for virus injection. Injecting a virus into the source code is a very common way of breaching an organization's security.
  • Automatic grant of licenses to certain of your patents -
    If your source code is similar to some other code (not exactly the same), you are automatically granted the licenses associated with that similar code. If those licenses are secure enough for your organization to use, you are good to go.
  • Defensive patent termination rights -
    If your code does not meet the standards of its code licensing, the respective authority has the right to terminate your patent.
  • Use beyond scope of license -
    Using source code that is not licensed always carries the threat of a loophole that can be used to create a security breach.
  • Under licensing; not enough seats/licenses -
    Using a licensed code of conduct but not following all the guidance that is required under that particular license's code of conduct.
  • Combinations of components under incompatible licenses -
    When we use more than one license in our project, we need to verify that the codes of conduct of the licenses are compatible with each other. If they are incompatible, there is always a security risk.
  • Failure to comply with licenses for “fourth party” components -
    A fourth party is an organization associated with your organization to provide work support. If the license compatibility of the two organizations does not match, there is a chance of a security breach for either or both organizations.

Security Risk:

  • Avoid unknowingly using third party software with known security vulnerabilities -
    Avoid using any third-party software that contains known vulnerabilities. Always check the license and code of conduct of that third-party software.
  • Traditional static and dynamic security analysis find few OSS vulnerabilities -
    OSS stands for open source software. A static vulnerability is a risk already associated with the software; dynamic security means the software itself does not contain a security risk, but while operating it we face an operational risk.
  • No support; self-serve; pull vs. push model -
    Make sure the OSS you use provides a support facility where you can open a support request if you find any security-related vulnerability in that particular OSS.
  • Risk profile changes over time -
    Keeping up to date with changes in the policies of the various licensed code you use is necessary to keep your source code safe at all times.
  • Any vulnerabilities associated with the components -
    Make sure none of the components of the OSS are affected by open source vulnerabilities.
  • Any patches available -
    Always check for software updates, if any, to make sure no OSS vulnerabilities will affect your code.
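The "known vulnerabilities" and "any patches available" checks above are what a software composition scan automates. The script below is an added example, not code from the article: it reads a dependency manifest, matches each pinned version against an advisory feed with affected version ranges, and reports whether a fixed version exists. The manifest, the advisory entries and their `ADV-EXAMPLE-*` ids are all constructed placeholders, not real data.

```python
"""Minimal software-composition check (added example, constructed data)."""
from dataclasses import dataclass
from typing import Optional


def parse_version(v: str) -> tuple:
    """Turn '1.2.10' into (1, 2, 10) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Advisory:
    advisory_id: str      # placeholder ids, not real CVE numbers
    component: str
    introduced: str       # first affected version (inclusive)
    fixed: Optional[str]  # first fixed version, or None if no patch yet


# Constructed advisory feed standing in for a real vulnerability database.
ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "libfoo", "1.0.0", "1.4.2"),
    Advisory("ADV-EXAMPLE-002", "libbar", "2.0.0", None),
    Advisory("ADV-EXAMPLE-003", "libfoo", "1.3.0", "1.3.5"),
]


def is_affected(version: str, adv: Advisory) -> bool:
    """Affected if introduced <= version and (no fix yet or version < fix)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed is None or v < parse_version(adv.fixed)


def scan(manifest: dict) -> list:
    """Return (component, version, advisory_id, action) for each hit."""
    findings = []
    for name, version in manifest.items():
        for adv in ADVISORIES:
            if adv.component == name and is_affected(version, adv):
                action = (f"upgrade to {adv.fixed}" if adv.fixed
                          else "no patch available; replace or mitigate")
                findings.append((name, version, adv.advisory_id, action))
    return findings


# Constructed dependency manifest (component name -> pinned version).
MANIFEST = {"libfoo": "1.3.2", "libbar": "2.1.0", "libbaz": "0.9.0"}

if __name__ == "__main__":
    for finding in scan(MANIFEST):
        print(finding)
```

A component with no fixed version (libbar here) is the "no support" case from the list: the only remediation is replacing the component or mitigating around it.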

Business and Operational Risk:
Operational risk centers on how things are done within an organization, not necessarily on what is produced or what is inherent to an industry. These risks are often connected with active decisions about how the organization functions and what it prioritizes. While the risks are not guaranteed to result in failure, lower production, or higher overall costs, they are seen as higher or lower depending on various internal management decisions.

Business risk is the exposure a company or organization has to factor(s) that will lower its profits or lead it to fail. Anything that threatens a company's ability to achieve its financial goals is considered a business risk. Many factors can combine to create business risk. Sometimes it is a company's top leadership or management that creates situations where a business is exposed to a greater degree of risk.

The following factors are always taken into consideration when assessing business and operational risks:

  • Dependence on code from a competitor or hostile party
  • Orphaned/dead project
  • Think ahead to integration and running the business, or things can become very difficult
  • Changing the offering model
  • Standardizing on certain components
  • May be expensive or impossible to collect the key information later

Remediation Risk:
Remediation risk management (RRM) is the process for managing uncontrolled project activities or conditions that may result in adverse outcomes for remediation system performance. The project team assesses the remediation risk and develops plans to facilitate risk mitigation.

The following factors are always taken into consideration when applying remediation risk management:

1. Code Remediation -

  • Removing, rewriting or replacing code
  • Costs: Engineering, time

2. Legal Remediation -

  • Amending/terminating agreements, seeking clarifications, seeking waivers of past liability, re-licensing components and obtaining new licenses
  • Often hard to remedy past non-compliance
  • Costs: Legal, time, fees to licensors

3. Risk Mitigation/Allocation -

  • Additional representations and warranties
  • Remediation-focused closing conditions and best efforts covenants
  • Specific indemnities
  • Additional escrows

priyasinghjee0033
Article Tags :
  • Operating Systems
  • Software Engineering