Leveraging AI for Open Source Management
Looking for a personal assistant? A reliable medical second opinion about that annoying pain in your wrist? Help choosing the perfect RomCom for movie night? The fastest way to get to the airport at rush hour? Have no fear – AI is here.
Reading tech media and news, it would appear AI is or will be solving all of our problems – big and small; making our professional and personal lives so much easier, safer and, of course, fun and exciting. As AI continues to dominate tech trend lists and forecasts, investment in and adoption of AI technologies are skyrocketing and we are introduced to new AI and machine learning innovations daily.
The software giants – Google, Microsoft, IBM, Facebook – are racing to come to market with the next big, shiny and/or lifesaving new AI product.
How smart is it really?
The term artificial intelligence has been around since the late 1950s to describe a computer’s capacity to learn. Today everyone is racing to leverage AI and machine learning algorithms for automation projects from customer support systems to smart homes. According to a new report from KPMG, the growth of cognitive technologies like artificial intelligence will lead over 75% of tech leaders to increase hiring in IT to manage deployments, while companies like Google and Microsoft are also turning their attention and resources to the hardware – specifically the computer chips – that will power the super-algorithms that are intended to boost our future decision-making processes.
While the technology is evolving in leaps and bounds, there is still a way to go. Ideally, a state-of-the-art AI application can scan data, make deductions, and continuously learn to make accurate predictions based on the accumulated data it gathers. Advanced AI will be able to progressively learn as it gathers and analyzes data, improving with each iteration, gaining knowledge incrementally to grow and enhance its capabilities.
A great example of how AI and machine learning can analyze data and make accurate predictions is Pandora: the music streaming and automated recommendation service. Some of us may have come to take it for granted, but the system is quite advanced: each song is analyzed by a group of professional musicians, based on 400 musical characteristics, enabling the app to magically recommend the perfect songs for users. What if we could invent a machine to gather and analyze the song, or any other type of data-heavy file? It’s hard to even imagine the scope of information and predictions a system could provide.
Another interesting and innovative use of AI is fraud prevention technologies. To ensure credit card or bank application users are safe, security applications will survey and analyze data from fraudulent and non-fraudulent sign-ins and purchases and learn the characteristics of fraudulent transactions. After tracking and analyzing enough data, the system will be able to spot a fraudulent transaction based on the signs and indications that it learned.
What about open source software?
While news about the next great AI super-application continues to hit us daily, let’s turn our attention to our little corner of the world: open source software management.
The use of open source components and libraries has been continually growing across every organization and industry. At this point, open source software components comprise between 60% and 80% of most organizations’ code base.
We already know the great advantages of integrating open source software into platforms and applications: using open source components speeds up development and reduces costs, enabling development teams to create, produce and test innovative products that can keep their organizations ahead of the market.
However, we also know the risks involved with open source usage – or more specifically, unmanaged open source usage. Open source components present legal, engineering and security challenges: if developers don’t know the quality of the open source components that they are using, they could inadvertently incorporate vulnerable, unlicensed, and out-of-date components.
Since open source components are offered on a variety of online repositories, there is no way developers can know the quality or safety of the open source component that they are incorporating into their code. Tracking open source software security vulnerabilities or their fixes is also quite a challenge: there is currently no single repository for all known open source vulnerabilities. Once a vulnerability is discovered, finding the correct patch or fix to mitigate the issue in the numerous available open source repositories and databases also requires a lot of man hours, and can never be completely thorough. Also, dependencies between open source components and libraries vary. Once a vulnerability and its mitigation are found, locating the risky component manually and addressing the risk to the component and relevant branches can be a time-consuming task.
Automated open source management and AI
This is the reason a continuous open source management solution is so important, and the direction that many organizations opt for. It’s also where artificial intelligence and machine learning could come in handy: what if an application could learn which of the different open source components organizations across multiple verticals use, and assess data about the specific vulnerabilities and risks involved with open source components in different libraries?
An innovative and evolved automated open source management solution could proactively address the challenges that open source software components present, and could leverage AI and machine learning algorithms to help organizations track, detect, and mitigate open source vulnerabilities.
While the volume of open source components might seem overwhelming when facing the challenge of tracking and mitigating security and compliance issues, AI and machine learning could possibly be leveraged to harness the many advantages of open source components and continue to enable organizations to stay ahead of the game.