From a9e55fabbc3dc7d74713d4c379cfa91d212622ca Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Mon, 9 Dec 2024 23:47:54 -0500 Subject: [PATCH] Note OSS collaborative review and development Expand, with a few words, to explain some of the advantages of OSS, to justify the text that follows. Signed-off-by: David A. Wheeler --- secure_software_development_fundamentals.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/secure_software_development_fundamentals.md b/secure_software_development_fundamentals.md index f63a805..75dd89d 100644 --- a/secure_software_development_fundamentals.md +++ b/secure_software_development_fundamentals.md 
@@ -1243,7 +1243,7 @@ Many systems support installing extensions that are separately developed and mai We use the term “reused software” here, because that is our primary concern. This reused software includes all the software you depend on when the software runs, aka its dependencies. -In most cases, the majority of a software application's code is reused software that is licensed as open source software (OSS). OSS is, briefly, software where users have the freedom to run, copy, distribute, study, change and improve the software (this is actually the [Free Software Definition](https://www.gnu.org/philosophy/free-sw.en.html)). A very widely-used and more detailed definition of OSS is the [Open Source Definition (OSD)](https://opensource.org/osd) from the [Open Source Initiative (OSI)](https://opensource.org), who also maintain a list of [OSI Approved Licenses](https://opensource.org/licenses). Studies show that the average percentage of OSS in software applications is somewhere between 77% ([Black Duck 2024](https://www.blackduck.com/resources/analyst-reports/open-source-security-risk-analysis.html)) and 90% ([Sonatype 2024](https://www.sonatype.com/state-of-the-software-supply-chain/introduction)). +In most cases, the majority of a software application's code is reused software that is licensed as open source software (OSS). OSS is, briefly, software where users have the freedom to run, copy, distribute, study, change and improve the software (this is actually the [Free Software Definition](https://www.gnu.org/philosophy/free-sw.en.html)). A very widely-used and more detailed definition of OSS is the [Open Source Definition (OSD)](https://opensource.org/osd) from the [Open Source Initiative (OSI)](https://opensource.org), who also maintain a list of [OSI Approved Licenses](https://opensource.org/licenses). Software licensed as OSS can be collaboratively reviewed and developed worldwide. 
Studies show that the average percentage of OSS in software applications is somewhere between 77% ([Black Duck 2024](https://www.blackduck.com/resources/analyst-reports/open-source-security-risk-analysis.html)) and 90% ([Sonatype 2024](https://www.sonatype.com/state-of-the-software-supply-chain/introduction)). Since it's so common, let's focus on tips on how to evaluate OSS before reusing it. Many of these tips will also apply to evaluating closed source software.
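Review bot: The added sentence "Software licensed as OSS can be collaboratively reviewed and developed worldwide." states a possibility, not a guarantee, yet it sits as the closing line of the definitional paragraph with nothing tying it to what follows; the next paragraph pivots on prevalence ("Since it's so common, let's focus on tips on how to evaluate OSS before reusing it"), so the "justify the text that follows" intent from the commit message is not yet visible to the reader. Consider making the link explicit, for example: "Software licensed as OSS can be collaboratively reviewed and developed worldwide, but that review only happens if someone actually does it, which is one reason the evaluation tips below matter." This also avoids readers taking "can be reviewed" as "has been reviewed", a common misreading of the many-eyes argument that the evaluation section is meant to counter.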