"Not following enterprise-level change control standards is a big and costly problem for business. Jennifer Bayuk, an independent security consultant and former CISO of Bear Stearns, reckons that there is a "hidden cost for the enterprise" in using open source because businesses will have to "test and patch for security bugs they don't anticipate.""