I was browsing the Serena website today, and came across a white paper: “Time to harden the SDLC. Open Source: does it still make sense? (10 reasons enterprises are changing their policies)”. You are required to supply personal information to download a copy, and they force this by only providing the link by email. However, intrigued, I requested one.
Apparently, enterprises are questioning their use of Open Source software (presumably in the specific area of software development) because:
- Terrorists
- Chinese hackers stealing things
- Chinese hackers changing things
- There is no support
- Ransomware
- Man-in-the-middle attacks
- Local copies of source code are easy to steal
- Edward Snowden
- 0-days
- Git is hard to use (I’ll give them this one)
The list ends with this wonderfully inconsistent paragraph:
> All of this seems very alarmist: what is the true situation? The truth is no one really knows because no one is talking about it. There is a clear, present and obvious danger from using open source solutions in support of your technology stack. You have to decide if the risk is worth it.
No-one really knows, but there’s a clear, present and obvious danger? I see. The only clear, present and obvious danger demonstrated here is the one that git is posing to Serena’s business…
When I first read that last sentence I interpreted the word git in the same way that we used to use it at school…
Oops! I’ll add some formatting.