CCS Insight Report: Bringing Order to Open Source Software Deployment through Curated Catalogs

A new technology research paper by tech research and advisory firm CCS Insight sheds light on the challenges enterprises face when managing open source software, and it offers insights into the value provided by Tanzu Application Catalog, a commercial, curated collection of prepackaged, continuously maintained and trusted application components.

The report by CCS Insight states that using open source software lets enterprise developers focus on what makes their solutions unique rather than spending time and money building templated capabilities. CCS Insight estimates that up to 98 percent of enterprise codebases may contain open source material.

The report goes on to discuss the challenges enterprises face when dealing with open source software. The biggest challenge is finding ways to take advantage of open source software solutions while meeting governance and security needs. For example, basing an important new workload on open source software that has a significant security vulnerability can have serious implications. As open source software solutions evolve, organizations need to keep current with the latest version, and a significant part of that challenge is simply being aware that an update is available upstream.

Another challenge noted in the report is that open source software vendors might not always have the marketing machinery of commercial software suppliers to alert customers about updates, which can roll out at a rapid cadence. In addition, many open source software applications are constructed from other open source components, and such dependencies could themselves become vulnerabilities, either inadvertently or by design. This also makes it difficult to satisfy regulatory and governance concerns, such as creating a software bill of materials (SBOM) for audit purposes or monitoring Common Vulnerabilities and Exposures (CVE) reports.

All in all, the report states that enterprises need to overcome several governance- and security-related challenges to nullify risks and maximize benefits from the substantial amounts of open source software that are being used by development teams.

Lastly, the report sheds light on how Tanzu Application Catalog, the enterprise edition of Bitnami Application Catalog, can help enterprises deal with the chaos of open source software. Tanzu Application Catalog enables enterprises to build a private catalog of custom-configured, prepackaged open source application components that are continuously maintained and verifiably tested for use in production environments.

To get the full paper and understand how you can bring order to your open source software deployments, download the CCS Insight report, Bringing Order to Open Source Software Deployment through Curated Catalogs, sponsored by Tanzu.

Join us for a live webinar on January 18 to learn more about Tanzu Application Catalog.