In this podcast episode, host Dave Sobel interviews Paula Paul, the founder and distinguished engineer at Grayshore, about the importance of open source in businesses. Paula emphasizes that open source is already deeply integrated into most commercial applications, with a vast majority of software relying on open-source libraries. She highlights the need for businesses to effectively manage and secure their open-source dependencies, especially in light of recent instances where open-source has been used as an attack vector for social engineering.

Paula discusses the challenges faced by organizations in managing dependencies on open-source packages, which have significantly increased in complexity over the years. She advises businesses to become more aware of the open-source packages they rely on and to prioritize securing customer-facing assets. Paula also recommends getting involved with organizations like the OpenJS Foundation and leveraging services from companies like Tidelift and HeroDevs to support and secure open-source dependencies.

The conversation delves into the risks and benefits of using open-source software, highlighting the potential for social engineering attacks and licensing issues. Paula argues that the open-source model offers more agility and community support compared to closed-source solutions but also stresses the importance of contributing back to the open-source ecosystem. She encourages businesses to support the preservation of open source as a valuable natural resource and to align their missions with the values of the open-source community.

As the discussion turns to the intersection of AI and open source, Paula sees opportunities for leveraging AI tools to enhance open-source projects, particularly in areas like code analysis and testing. She suggests that service organizations looking to engage with open source should explore projects within foundations like the OpenJS Foundation, Finos, and CNCF. Paula emphasizes the importance of human expertise in cybersecurity and the need for continuous monitoring and rapid response in today's threat landscape.

Supported by:

https://getinsync.ca/mspradio/

https://www.huntress.com/mspradio/

All our Sponsors:   https://businessof.tech/sponsors/

Support the vendors who support the show:

👉 https://businessof.tech/sponsors/

Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.

👉 https://businessof.tech/plus

Want the show on your favorite podcast app or prefer the written versions of each story?

📲 https://www.businessof.tech/subscribe

Looking for the links from today’s stories?

Every episode script — with full source links — is posted at:

🌐 https://www.businessof.tech

Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:

💬 https://www.podmatch.com/hostdetailpreview/businessoftech

LinkedIn: https://www.linkedin.com/company/28908079

YouTube: https://youtube.com/mspradio

Bluesky: https://bsky.app/profile/businessof.tech

Instagram: https://www.instagram.com/mspradio

TikTok: https://www.tiktok.com/@businessoftech

Facebook: https://www.facebook.com/mspradionews

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.