Note OSS collaborative review and development

david-a-wheeler · david-a-wheeler · commit a9e55fabbc3d · 2024-12-09T23:47:54.000-05:00
Expand, with a few words, to explain some of the advantages
of OSS, to justify the text that follows.

Signed-off-by: David A. Wheeler &lt;dwheeler@dwheeler.com&gt;
diff --git a/secure_software_development_fundamentals.md b/secure_software_development_fundamentals.md
@@ -1243,7 +1243,7 @@ Many systems support installing extensions that are separately developed and mai
 
 We use the term “reused software” here, because that is our primary concern. This reused software includes all the software you depend on when the software runs, aka its dependencies.
 
-In most cases, the majority of a software application's code is reused software that is licensed as open source software (OSS).  OSS is, briefly, software where users have the freedom to run, copy, distribute, study, change and improve the software (this is actually the [Free Software Definition](https://www.gnu.org/philosophy/free-sw.en.html)). A very widely-used and more detailed definition of OSS is the [Open Source Definition (OSD)](https://opensource.org/osd) from the [Open Source Initiative (OSI)](https://opensource.org), who also maintain a list of [OSI Approved Licenses](https://opensource.org/licenses).  Studies show that the average percentage of OSS in software applications is somewhere between 77% ([Black Duck 2024](https://www.blackduck.com/resources/analyst-reports/open-source-security-risk-analysis.html)) and 90% ([Sonatype 2024](https://www.sonatype.com/state-of-the-software-supply-chain/introduction)).
+In most cases, the majority of a software application's code is reused software that is licensed as open source software (OSS).  OSS is, briefly, software where users have the freedom to run, copy, distribute, study, change and improve the software (this is actually the [Free Software Definition](https://www.gnu.org/philosophy/free-sw.en.html)). A very widely-used and more detailed definition of OSS is the [Open Source Definition (OSD)](https://opensource.org/osd) from the [Open Source Initiative (OSI)](https://opensource.org), who also maintain a list of [OSI Approved Licenses](https://opensource.org/licenses).  Software licensed as OSS can be collaboratively reviewed and developed worldwide.  Studies show that the average percentage of OSS in software applications is somewhere between 77% ([Black Duck 2024](https://www.blackduck.com/resources/analyst-reports/open-source-security-risk-analysis.html)) and 90% ([Sonatype 2024](https://www.sonatype.com/state-of-the-software-supply-chain/introduction)).
 
 Since it's so common, let's focus on tips on how to evaluate OSS before reusing it. Many of these tips will also apply to evaluating closed source software.
 
