Where to start? With an inventory.

Engineering leaders at startups often have big goals for their team but aren't sure where to start. Overwhelm creeps in, and time gets spent on less important tasks. A great place to start is getting a lay of the land: inventorying your technology and tools. You probably have a great idea of your main tech stack: languages, frameworks, and critical services. Going one step further can help you decide where to spend your energy next.

Catalog your dependencies

  • Language and Frameworks: you likely already have this, but this might include open source frameworks and a list of languages
  • Deployment: what services do you use to deploy your code?
  • Libraries and tools: do you pull in any external datasets? Use any external tools? Use open source tools?

Identify licenses

After you have the catalog above, you can fill in the license of each item in your list. For external services, it may be good to revisit the End User License Agreement (EULA). The purpose of all of this is to understand whether any limitations are placed on usage for anything you include in your product. If your legal team hasn't asked you about this yet, they will be so happy that you're a step ahead of them! You need your product to be in compliance with all license terms. It's common for this to be challenging for certain license types, so sometimes it's necessary to find a backup plan, such as replacing the respective library with custom-built code.

Security scanning

Another next step you could take is maturing your cybersecurity practices by considering everything you've listed in the catalog you made above. As your organization matures, your security practices will need to mature too. You may already have compliance requirements depending on your industry, customers, and maturity level. According to a survey by Synopsys, 60% of the codebases that were audited in 2020 contained open source vulnerabilities [1], emphasizing the need to be up-to-date with licensing terms to mitigate risks.

Continued Momentum

It can feel daunting to figure out what steps to take toward your goal of maturing your engineering organization. Not only is taking inventory an excellent place to start, but it also serves as a strategic foundation to guide your next steps. Begin with this step and you'll have momentum to find the right next step for you and your team.

If you're looking for more guidance toward your goals, especially if an investment or acquisition event might be in your future, please get in touch. Our team is ready to partner with you.

[1]: Synopsys. 2021. The 2021 Open Source Security and Risk Analysis Report.