Three things to consider before implementing open source WMS
Open source code and software programs are becoming more common in enterprise applications, but you might be introducing significant dangers to your operations. While an open source platform might be designed for one element, such as warehouse management, you’re potentially giving it access to any connected program or account as well.
Security is the number one consideration when implementing open source WMS software, and there are three main pillars to look at: risk, policies, and long-term viability.
1. An appreciation of the risk
Open source software can be a target for cyber criminals, though it may not be as big a risk as you imagine if there isn’t an easy way to profit from the intrusion.
Open source WMS and other programs are thought to be in danger because their code is available on the web. That means hacking groups know exactly what you have installed and can make something specific to target it. However, the open source community usually responds to these intrusions quickly and an established open source WMS provider will take the time to protect implementations.
You can reduce your security risks by looking at software that requires a license or by joining a consortium to access the code. The good news is that issues threatening open source software can be resolved by any contributor, so you don’t necessarily have to wait for months for a patch, which you’ve probably experienced in the past with mainstream operating systems.
2. A strong security strategy
Open source WMS and other software are actually becoming safer to a large extent because enterprises are willing to commit time and money to the development and maintenance of these systems, and then share those improvements with others.
The best way for you to protect your warehouse is to ensure that you have a security policy and seek out secure network support prior to implementation. Create a policy that clearly outlines procedures for installation and maintenance of any open programs, plus has a security layer to monitor these tools.
Look for an open source WMS that has the backing of companies similar in size to you. If the developer community is active, you may be able to see their test results and get security tips or best practices for that specific implementation.
Evaluate everything as thoroughly as possible – as you do for any software you implementation – but don’t pass over open source WMS software just because it’s open.
3. Is it viable, long term?
Open source WMS software is a group effort, and you’ll need a strong team to continue to build on the platform and provide future protections. Before you adopt any open source software of any kind, always look at the community that supports its growth.
Unfortunately, long-term viability is hard to predict. Earlier this year, the Open-Source Vulnerability Database (OSVDB) shut its doors after nearly 14 years of providing developers and experts with ways to update software used by large companies.
OSVD had a strong foundation in exploitation and penetration testing early on, but eventually became connected with a company that had exclusive licensing to OSVDB content. This made the service and its content much less open, harming the model.
The most dangerous thing, and most important for you reading, is that when OSVDB shut down, many open security products became less effective because they relied on OSVDB references. While many companies can (and likely will) bootstrap new databases, these may either be incomplete, incorrect or commercial, meaning you’re not necessarily safe or saving.
Featured white papers
Wearable tech in the warehouse: three innovative use cases
Warehouse uses for wearable tech that could make your team that bit more efficient
Four WMS implementation case studies you can learn from
Lessons from real-world WMS implementation case studies you can apply from your own project
Keeping disaster recovery in mind: what to ask WMS vendors
Make sure you're clear on your WMS vendor's stance to these disaster recovery issues before you p...