Best Practices for using OpenSource Tools in Enterprises

Gini Gini Follow · 2 mins read
Best Practices for using OpenSource Tools in Enterprises
Share this

These are purely personal notes - but publicly available - and do not blindly follow the items.

Consider paid Opensource services as well

  • Opensource doesn’t mean everything free. Whatever community versions are free ($) but do consider paid optiions for better support.
  • Paid services will be better in terms of QA, Stability, Release Cycle and Support.
  • Organizations who are ready to take care of above items can think about community supported editions easily.

Be a contributor to the Community

  • Report bugs on time
  • Raise feature requests and contribute back
  • Be part of opensource development and testing team

Implement the best class Application monitoring System

  • make sure the applciation are under monitoring
  • observability is the key
  • reporting mechanism and follow up tracking should be in place

Check in Vulnerability Database

  • Check in all Vulnerability databases available.
  • Check in poduct Vulnerability page regularly.

Check the Long Term Support (LTS) before implementing

  • Make sure the tool is having long term support.
  • Check the popularity and community strength.

Practice Software Inventory

  • Keep your software and tools database uptodate.
  • Keep the version information, Vulnerability tracker, upgrade options, End of Life (EOL)

Implement Least Privilege Policies

  • Allow access based on demand and request
  • Block all access unless it is needed

Follow the Patching and Upgrade schedules

  • Do not wait for an issue
  • Upgrade and patch systems based on availability

Test, Stage and push to Production

  • Do not try anything in production as we do not know what all tests and QA has been completed from the opensource community level.
  • Refer the release notes carfully before implementation/upgrade process.

NO Default Passwords

  • Change all default passwords to secure passwords (follow organization password policies)
  • Keep passwords in vault or password manager.

Check the License of Opensource Tools

  • Make sure the license is acceptable as per organization policies
  • Check what all data will be collected and send to external systems (if any) for improvement/analytics.

Keep Source Codes in local repositories for scanning

  • Scan the source code by yourself using tools
  • Test fixes and bugs and propose to community


Written by Gini Follow
Backpacker, Foodie, Techie

Latest Stories