One of the reasons they put ingredient labels on food is so you can make sure you won't eat something that might kill you.
Why don't we do the same thing with software?
Okay, maybe it won't kill you, but it could make you sick to find out that the software you installed contains an ingredient (sub-component) with critical security vulnerabilities or licensing terms you can't stomach.
With open source, you're able to discover all the ingredients, but it can take some work. For example, many popular packages contain dozens of other open source components inside, often using a number of different licenses. The top-level project frequently won't declare all the details of the projects it depends on, some of which might violate your own legal or technical policies.
And what about your own code? Do you know every open source package you use? What about code coming in from developers in other groups? Off-shore partners? Have any of them copied and pasted code from the open source community into code they give you?
Make sure you're able to put the right label on your code, too. You don't want to serve up anything to your end users and customers that might cause an allergic reaction.
If you read a post on The Enterprise OSS Blog, please leave a comment. Let us know what you think, even if it's just a few words. Comments do not require approval, but they are moderated. OpenLogic reserves the right to remove any comments it deems inappropriate.