Web Application Security, 2nd Edition

by Andrew Hoffman
January 2024
Intermediate to advanced
444 pages
11h 10m
English
O'Reilly Media, Inc.
Content preview from Web Application Security, 2nd Edition

Chapter 17. Exploiting Third-Party Dependencies

It’s no secret that the software of today is built on top of OSS. Even in the commercial space, many of the largest and most profitable products are built on the back of open source contributions by a large number of developers throughout the world.

Some products built on top of OSS include:

  • Reddit (BackBoneJS, Bootstrap)

  • Twitch (Webpack, nginx)

  • YouTube (Polymer)

  • LinkedIn (EmberJS)

  • Microsoft Office Web (Angular)

  • Amazon DocumentDB (MongoDB)

Beyond simply being OSS reliant, many companies now make their core products available as open source software and make revenue with support or ongoing services instead of by selling the products directly. Some examples of this are:

  • Automattic Inc. (WordPress)

  • Canonical (Ubuntu)

  • Chef (Chef)

  • Docker (Docker)

  • Elastic (Elasticsearch)

  • Mongo (MongoDB)

  • GitLab (GitLab)

BuiltWith is an example of a web application that fingerprints other web applications in an attempt to determine what technology they are built on top of (Figure 17-1). This is useful for quickly determining the technology behind a web application.

Reliance on OSS, while convenient, often poses a significant security risk, and it is one that clever and strategic hackers actively exploit. There are a number of reasons why OSS can be a risk to your application’s security, and all of them deserve your attention.

Figure 17-1. BuiltWith web application

First off, relying on OSS means relying on a codebase ...


Publisher Resources

ISBN: 9781098143923