4 Comments

Words spoken from experience, Eric, no doubt. To make your recommendation to monitor and inventory your product's use/dependency on open source software even more actionable, I have had good experiences with source code analyzers, and would say that this could be worth investing in (not only for open source usage monitoring but for general source code quality and hygiene). Here is an example: https://snyk.io/product/open-source-security-management/license-compliance/ - I wonder what others' take is on this.

Hi Eric;

Another insightful article and one that all product managers should take into consideration when reviewing their Tech-Debt inventory. We had placed a heavy emphasis on tracking all open source with our development of 3Edges for dynamic authorization and I feel really proud of our team having kept track of what code came from where and under what licensing. We also leverage Snyk to check on our compliance, etc.

Thanks for the blog post;

Derek
