Open source use should come with oversight of the risks

Open-source software is widely used in business, but companies often lack visibility into their use of it, as was evident with a recent Log4j vulnerability. Experts recommend better management practices, including using software bills of materials and evaluating the health of open-source projects.
Full Story: IT Pro (3/26)
Open source has always been a point of contention when looking at the security aspect of software. With commercial software, the company has to know who it is employing and perform security checks to ensure the safety of the software; however, with an open-source package we have no idea who the contributors are or whether any security checks are performed on them.
It has been known that backdoors have been programmed into some of the open-source software that is freely available and have remained undetected for years.
Most users of open-source software do not have the ability to evaluate the security issues of the supplied software.