GPL, open source, SourceForge, shareware, freeware, code applets, open source APIs, etc., etc. So much scary jargon for security experts. No, it's not like that; it's the mismanagement of development activity and time pressure that makes it scary.
Definitely everyone is quite happy with SOA, Web 2.0 and many more such technological developments. Think about what could be the reason for such fast development of applications, quick delivery and immediate ROI?
Yes, it's a miracle in development projects provided by the Open Source Foundation. There are millions of readily available pieces of code on the WWW which developers quickly fine-tune and use to deliver the desired output in any application. A collection of such code is very well known as a framework.
Now, the above statements are from a business executive's point of view. If you ask me as a security expert, yes, it's a boon, but take the example of the RIM lawsuit case; these are the cases which are a kind of shame for such big organizations. The reason: in the development phase some of the developers used readily available code from a Google search, and after 5 years the real owner of the code filed a lawsuit claiming that his idea was stolen without paying a royalty.
Until yesterday it was my assumption that it's very difficult to find out whether developers used open source foundation code in their application or whether it was written from scratch. If something is already available it does not make sense to rewrite it, but yes, it's the organization's duty to pay the developer if it's a commercially viable solution. So now be happy: there is one software product on the market which will scan your source code and report all the open source code, applications or APIs used in the application development cycle. Remember, before posting some nasty comments, locks are meant for gentlemen, not for thieves.
Palamida is a vendor that sells software and services around open-source software security and legal compliance. Palamida thought it wise to distribute the 25 projects over a number of categories, since open source "has permeated up and down the stack." Today, Palamida's software scans a customer's code base, determines which open-source software is in use, and provides information about associated licenses, known vulnerabilities and available patches.
Overall, Palamida and its competitor Black Duck Software "have been moving into providing a tool for software development," said RedMonk analyst Michael Coté. "Instead of making sure your open-source code use is healthy from only a legal perspective ... the idea is to make sure that your overall use of OSS is healthy."
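As an added example (not code from Palamida or Black Duck, whose products use far larger fingerprint databases), here is a minimal version of the scan described above: normalise each source file, hash it, and match the hash against a catalogue of known open-source snippets carrying license and vulnerability metadata. The catalogue entry, the snippet, the vulnerability identifier and the file paths are all constructed placeholders.

```python
import hashlib
import os
import re
import tempfile

def normalise(text: str) -> str:
    """Drop C-style comments and whitespace so re-indented or re-commented copies still match."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # block comments
    text = re.sub(r"//[^\n]*", "", text)                 # line comments
    return re.sub(r"\s+", "", text)

def fingerprint(text: str) -> str:
    return hashlib.sha256(normalise(text).encode("utf-8")).hexdigest()

# Constructed stand-in for a vendor fingerprint database: one "published" snippet.
KNOWN_SOURCES = {
    "fastcopy 1.2": "int fastcopy(char *d, const char *s, int n)\n{\n"
                    "    while (n--) *d++ = *s++;\n    return 0;\n}\n",
}
CATALOGUE = {
    fingerprint(src): {"component": name, "license": "GPL-2.0",
                       "known_vuln": "PLACEHOLDER-VULN-ID", "fixed_in": "1.3"}
    for name, src in KNOWN_SOURCES.items()
}

def scan_tree(root: str) -> list[dict]:
    """Walk a source tree and report files whose normalised content is in the catalogue."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hit = CATALOGUE.get(fingerprint(fh.read()))
            if hit:
                findings.append({"path": os.path.relpath(path, root), **hit})
    return sorted(findings, key=lambda f: f["path"])

def demo() -> list[dict]:
    """Constructed project: one pasted-and-tweaked copy of the snippet, one original file."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "src"))
    pasted = ("// grabbed from a forum post\nint fastcopy(char *d, const char *s, int n) {\n"
              "  while (n--) *d++ = *s++;   /* byte loop */\n  return 0; }\n")
    with open(os.path.join(root, "src", "util.c"), "w") as fh:
        fh.write(pasted)
    with open(os.path.join(root, "src", "main.c"), "w") as fh:
        fh.write("int main(void) { return 0; }\n")
    return scan_tree(root)

if __name__ == "__main__":
    for f in demo():
        print(f"{f['path']}: {f['component']} ({f['license']}), "
              f"vuln {f['known_vuln']} fixed in {f['fixed_in']}")
```

Exact-hash matching only catches whole-file copies; shipping tools also match on partial snippets and on package manifests, which this example deliberately leaves out.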
What would you say now... Any excuse? :)