Open-source software might be free to use, but that doesn’t mean it’s free of obligations. With threats becoming more complex, security must be a top priority.
As the adoption of open-source software continues to grow rapidly, software development teams must go to ever greater lengths to manage risk. Low-code development platforms (LCDPs) have further added to that risk surface by bringing development outside the IT department, potentially resulting in a rise of shadow IT.
Despite this, the use of open-source libraries can deliver tremendous benefits to businesses by delivering specific functionalities without developers having to build them from scratch. Open source is also a natural fit for low code, especially at a time when at least 82% of firms consider custom app development outside IT important for driving growth. Moreover, Gartner predicts that two thirds of all business apps will be created using low-code platforms by 2024.
These developments are among the defining characteristics of modern digital transformation strategies. This is also why open source accounts for as much as 90% of all code in today’s web and cloud apps, with the average software application relying on at least 500 open-source dependencies. As such, the sheer size and proliferation of open source has made it a key target for threat actors, with inevitable vulnerabilities leading to a significant increase in open-source risk. The grouping of open source and low code can, potentially, further expand that risk surface by letting it grow far beyond the auspices of the IT department.
Of course, that’s not to say businesses should scale back their adoption of open-source and low-code – not at all. Together, these innovations are vital for helping businesses adapt and scale rapidly in an era of constant change. But as is always the case with any innovation, new risks arise that need to be managed from the outset. Thus any digital transformation must be secure by design as such that security becomes a driver of innovation rather than a barrier. Here’s what that means for open-source low-code software development: