{"id":51846,"date":"2023-07-26T10:02:40","date_gmt":"2023-07-26T14:02:40","guid":{"rendered":"https:\/\/sdtimes.com\/?p=51846"},"modified":"2023-07-26T10:02:40","modified_gmt":"2023-07-26T14:02:40","slug":"the-need-for-a-chief-open-source-officer","status":"publish","type":"post","link":"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/","title":{"rendered":"The need for a chief open source officer"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Just as software security has become strategic for many organizations, so too has the use of open source in development become strategic. And, as organizations realized they needed to create the role of chief information security officer (CISO), they are now coming to understand the importance of creating an open source program office to be run by a chief open source officer (COSO).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The COSO&#8217;s function is to monitor and advise corporate finance on the use of open source within the organization. Yet, until recently, searches for people who actually use the COSO title yielded few results.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The main reason developers are grabbing open-source components and libraries is the pressure on them to deliver software faster. According to Javier Perez, chief open source evangelist and senior director of product management at software company Perforce, developers know that if something has already been written, it will save them hours of work. If that piece of code comes from a company-supported project, or one that has a large community of contributors, it&#8217;s probably the most recent version and it&#8217;s likely to be secure. 
But, he noted, &#8220;There is still a lot of open source out there that has one or two or three guys working on it, but I think it just shifts the bottleneck from upfront, where it would take longer to write the code securely yourself, and just moves it down the line. Now we have to test it longer. This is the age-old argument of, are you sacrificing quality for speed? Are you sacrificing speed for quality?&#8221;<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Few developers start from scratch anymore, Perez pointed out. &#8220;Everyone takes packages, and they don&#8217;t even know what they&#8217;re getting with the dozens or hundreds of packages they&#8217;re using for a specific library. Remember, open source is built with other open source, which is built for another open source \u2026 and that&#8217;s the full software supply chain.&#8221;<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This creates challenges for software testers as well as security teams. Open source comes with dependencies upon dependencies, so tools such as software composition analysis (SCA), static application security testing (SAST) and dynamic application security testing (DAST) give organizations insights into what vulnerabilities might exist in the code. The chief open source officer can stay on top of the teams to make sure they&#8217;re using the latest versions of the open-source software and that they&#8217;re uploading fixes that erase vulnerabilities.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Further, a COSO can help define which packages or components are critical for the application being built, and can create a program on how the organization can work with the community behind that project.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This is why governance, coming from an open source program office, is critical for organizations that, wittingly or otherwise, use open-source pieces in their code. &#8220;Typically, the open source program offices start, by the way, not on security; they start on tracking open-source licenses. 
It&#8217;s very important especially if you are commercializing software, you need to make sure that you have the proper open-source licenses.&#8221;<\/span><\/p>\n<p><span style=\"font-weight: 400;\">And as the offices grow, they have to define and implement some policies, working with the security and engineering teams, as well as providing education on open source and developing champions or experts that can help everyone else do their job. &#8220;Everyone is a consumer of open source, but not everyone is a contributor or maintainer of open source,&#8221; Perez said, so through training individuals can become contributors, or experts, who can now influence the direction of the software.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just as software security has become strategic for many organizations, so too has the use of open source in development become strategic. 
And, as organizations realized they needed to create the role of chief information security officer (CISO), they are now coming to understand the importance of creating an open source program office to be &hellip;<\/p>\n","protected":false},"author":205,"featured_media":51847,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"cybocfi_hide_featured_image":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[1],"tags":[16672,190,13552],"coauthors":[11448],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The need for a chief open source officer - SD Times<\/title>\n<meta name=\"description\" content=\"The main reason developers are grabbing open-source components and libraries is because of the pressure on them to deliver software faster.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The need for a chief open source officer - SD Times\" \/>\n<meta property=\"og:description\" content=\"The main reason developers are grabbing open-source components and libraries is because of the pressure on them to deliver software faster.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/\" 
\/>\n<meta property=\"og:site_name\" content=\"SD Times\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SDTimesD2\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-26T14:02:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/07\/charlesdeluvio-Lks7vei-eAg-unsplash.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"David Rubinstein\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:site\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Rubinstein\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/\"},\"author\":{\"name\":\"David Rubinstein\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/c5979508a52529c65d558ca23cb64a4a\"},\"headline\":\"The need for a chief open source 
officer\",\"datePublished\":\"2023-07-26T14:02:40+00:00\",\"dateModified\":\"2023-07-26T14:02:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/\"},\"wordCount\":576,\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/07\/charlesdeluvio-Lks7vei-eAg-unsplash.jpg\",\"keywords\":[\"CISO\",\"Perforce\",\"SCA\"],\"articleSection\":[\"Latest News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/\",\"url\":\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/\",\"name\":\"The need for a chief open source officer - SD Times\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/07\/charlesdeluvio-Lks7vei-eAg-unsplash.jpg\",\"datePublished\":\"2023-07-26T14:02:40+00:00\",\"dateModified\":\"2023-07-26T14:02:40+00:00\",\"description\":\"The main reason developers are grabbing open-source components and libraries is because of the pressure on them to deliver software 
faster.\",\"breadcrumb\":{\"@id\":\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/#primaryimage\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/07\/charlesdeluvio-Lks7vei-eAg-unsplash.jpg\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/07\/charlesdeluvio-Lks7vei-eAg-unsplash.jpg\",\"width\":1920,\"height\":1280},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sdtimes.com\/open-source\/the-need-for-a-chief-open-source-officer\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sdtimes.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The need for a chief open source officer\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sdtimes.com\/#website\",\"url\":\"https:\/\/sdtimes.com\/\",\"name\":\"SD Times\",\"description\":\"Software Development News\",\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sdtimes.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sdtimes.com\/#organization\",\"name\":\"SD 
Times\",\"url\":\"https:\/\/sdtimes.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"width\":225,\"height\":90,\"caption\":\"SD Times\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SDTimesD2\",\"https:\/\/x.com\/sdtimes\",\"https:\/\/www.linkedin.com\/company\/sdtimes\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/c5979508a52529c65d558ca23cb64a4a\",\"name\":\"David Rubinstein\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/image\/efe807ec0a4a29a22c1ba89dd5689fe2\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1b3fdab44b2a65d11f93bdc301690be3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1b3fdab44b2a65d11f93bdc301690be3?s=96&d=mm&r=g\",\"caption\":\"David Rubinstein\"},\"description\":\"David Rubinstein is editor-in-chief of SD Times.\",\"url\":\"https:\/\/sdtimes.com\/author\/david-rubinstein\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/51846"}],"collection":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/users\/205"}],"replies":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/comments?post=51846"}],"version-history":[{"count":1,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/51846\/revisions"}],"predecessor-version":[{"id":51848,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/51846\/revisions\/51848"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media\/51847"}],"wp:attachment":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media?parent=51846"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/categories?post=51846"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/tags?post=51846"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/coauthors?post=51846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}