Mitigating risks in the software supply chain
With the average software application now relying on over 500 open-source dependencies, software supply chain security has become a critical concern for enterprises. Many OSS projects are developed by unpaid enthusiasts who lack the resources for ongoing maintenance, leading to potential vulnerabilities — as in the case of Apache Log4j. The adoption of AI coding tools, such as GitHub Copilot, will further accelerate code creation, increasing the overall code base and potentially worsening these security challenges.
According to Gartner, the cost of software supply chain attacks is expected to rise from $46 billion in 2023 to $138 billion by 2031. To address these growing risks to IT infrastructure, enterprises will need to adopt next-gen tools that leverage both modern AI and OSS in software composition analysis, vulnerability detection, software bills of materials, alerting, observability, AIOps, and other areas of devops and devsecops.
Exploring new funding models
Sustainability remains one of the core challenges for the open-source ecosystem. While some projects can be commercialized — though that poses its own set of challenges — the majority of OSS cannot, and therefore continues to rely on unsustainable, non-profit sources of funding.