CxOSA Overview
Open Source Analysis (OSA)
Open source code analysis is a structured process for identifying security and legal issues known to the community within open source used by customer applications. Undiscovered faults in open source code can expose you to exploitation. Open source code analysis is a structured process for identifying security and legal issues known to the community within open source used by customer applications. Undiscovered faults in open source code can expose you to exploitation and intrusion.
An open source code analysis tool should define risk using the following key criteria:
Security Risk - Vulnerabilities in open source code components can expose the application to malicious intent and can put your data at risk.
Code Quality Risk - Components which are out of date or have inactive communities are at increased risk of code issues, including flaws in security as well as vulnerabilities.
Compliance Risk – Using or distributing software with open source components outside the terms of its constituent licenses places you at risk for litigation and compromised intellectual property.