The way software is created is in the midst of fundamental change. Agile, component-based software development are helping coders create applications faster and more efficiently than ever before, but the process has also introduced complex new risks and requirements. Four critical steps toward Component Life-cycle Management (CLM) can help reduce those risks:
Step 1: Inventory – Gather information about your current component usage;
Step 2: Analyze – Understand vulnerabilities in applications and repositories; And understand the consequences of this change in the production cycle for your Business Model ...
Step 3: Control – Establish controls throughout the development life-cycle;
Step 4: Monitor – Maintain awareness of component updates.
Modern software development has become increasingly component-based, where applications are assembled from existing components rather than written from scratch and the vast majority of components are sourced from outside the organization. In most cases externally sourced components are open source. In fact, more than 80% of a typical Java application is assembled from existing open-source components and frameworks.
A complicating factor is the the double-edged sword of open-source innovation. On the one hand, open-source projects evolve and release frequently (the average component is updated four times per year) enabling users to reap the benefits of rapid innovation and bug fixes. On the other hand, the ecoystem lacks an effective update awareness mechanism, making it very difficult to keep up with projects and manage change – especially for large enterprises that consumes thousands of components each month.
Via Peter Hoeve