Inside the World of Software Security

The rich repository of open source software, with a vast community of developers tailoring and editing code, has enabled businesses to build and deploy products quickly. Developers draw on open source packages and snippets as building blocks, weaving the pieces into a larger product.

Sounds like a dream, right? Maybe not. 

The open source community often lacks security checkpoints, and if a component possesses a flaw, that flaw is inherited by every enterprise software stack that includes it.

This issue was best illustrated by the Log4j vulnerability (Log4Shell), disclosed in December 2021. A flaw in a widely used logging library had companies racing to determine whether the vulnerable component lived anywhere in their stack, often with no inventory to consult. It reemphasized the growing software bill of materials (SBOM) movement, which would detail exactly what code a product contains, so that the question "is this in our stack?" becomes a lookup rather than a scramble.
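The lookup an SBOM makes possible, as an added example that is not from the article or from any SBOM tool: the script below parses a small CycloneDX-style SBOM (constructed inline for illustration) and reports every component whose version falls inside an affected range. The affected range for log4j-core is an assumption filled in for the example; in practice it should be taken from the vendor advisory, and later Log4j advisories raised the safe floor above the value used here.

```python
import json

# Constructed CycloneDX-style SBOM fragment (not from the article). Real SBOMs
# are produced by tools such as syft or the CycloneDX Maven plugin and carry
# many more fields; only group/name/version are needed for this check.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.14.1"},
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-api", "version": "2.14.1"},
        {"type": "library", "group": "com.fasterxml.jackson.core",
         "name": "jackson-databind", "version": "2.13.0"},
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.17.1"},
    ],
})

# Assumed affected set for illustration: (group, name) -> list of [min, fixed)
# ranges. Take real values from the vendor advisory; the floor here is the
# first fix release and later advisories moved it higher.
AFFECTED = {
    ("org.apache.logging.log4j", "log4j-core"): [("2.0-beta9", "2.15.0")],
}


def parse_version(v):
    """Turn '2.14.1' or '2.0-beta9' into a comparable key.

    Numeric dotted parts compare numerically (so 2.9 < 2.14), and a
    pre-release suffix sorts before the bare release of the same number
    (so 2.0-beta9 < 2.0). Two pre-releases of the same number compare by
    suffix string, which is good enough for this check.
    """
    main, _, pre = v.partition("-")
    nums = tuple(int(p) for p in main.split(".") if p.isdigit())
    return (nums, 1) if not pre else (nums, 0, pre)


def find_affected(sbom_json, affected=AFFECTED):
    """Return (group, name, version) for each component in an affected range."""
    hits = []
    for comp in json.loads(sbom_json).get("components", []):
        key = (comp.get("group", ""), comp.get("name", ""))
        ranges = affected.get(key)
        if not ranges:
            continue
        ver = parse_version(comp.get("version", "0"))
        for lo, fixed in ranges:
            # Half-open range: lo <= version < first fixed release.
            if parse_version(lo) <= ver < parse_version(fixed):
                hits.append((key[0], key[1], comp["version"]))
                break
    return hits


if __name__ == "__main__":
    for group, name, version in find_affected(SAMPLE_SBOM):
        print(f"AFFECTED: {group}:{name}:{version}")
```

The check is deliberately keyed on the component's coordinates rather than on a string search of the SBOM, so a log4j-api entry at the same version is not reported and a log4j-core entry at a fixed version is not reported either; the only hit on the sample is log4j-core 2.14.1.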

But vulnerabilities will keep surfacing, and the best defense is for companies to deploy patch management programs that cut down the length of time a known vulnerability can live in a tech stack.
