Open Source Software
When Open Source Software opens Pandora's Box!
The use of Open Source software provides tremendous leverage when used correctly. For example, SONiC is a trendy and low-cost way to add Layer 3 routing services to your next-generation network products. Likewise, Open Source software is available for Operating Systems, Deep Packet Inspection, video quality measurement algorithms, databases, and many other applications.
Companies are advised to assess the potential security risks in embracing Open Source software. In many ways Open Source software can provide the lowest risk of security back doors because the source code is open to the associated community for review and is open to study.
On the other hand Open Source software is often intended to provide access to data that is very sensitive, for example in the case of security concerns including Man in the Middle (MITM) attacks and covert packet tapping that are inserted into in-line software based packet forwarding. This can affect software such as used with DPDK and SwitchDev. Both are commonly used in data centers currently.
Finally, corporations need to ensure that the overall delivered code does not include undisclosed or unlicensed code, or Open Source that includes an End-User License Agreement (EULA) that must be agreed upon by the end user.