Keeping Open Source Code Safe: 5 Tips for the Enterprise

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Keeping Open Source Code Safe: 5 Tips for the Enterprise-3 Next

Beware of Sleeper Cells

Open source makes its way into code bases in a variety of ways – in supply chain code, in proprietary code, in outsourced code, in reused code, in third-party code and in legacy code. Most companies, by their own admission, lack adequate policies and procedures to assure a secure open source selection and approval process.

Without the ability to automatically identify and inventory open source and then have access to a database matching to detect known security vulnerabilities, companies are in the dark about potential enemies lurking within. The undetected known security vulnerabilities are "sleeper cells" waiting to be exploited and there is no shortage of "bad guys" happy to oblige.

With more than 4,000 security vulnerabilities reported each year – nearly half of them in open source software – it is imperative to know your code. Enterprises need to continuously monitor open source inventory, detect known vulnerabilities and receive alerts as new vulnerabilities that may impact the business are discovered.

Less than half of the respondents to the Black Duck Software "2015 Future of Open Source" survey reported having adequate policies and procedures in place to assure a secure open source selection and approval process. Without this, enterprises cannot truly know their code and lack the necessary visibility and control of open source to secure and manage their environments.

Black Duck Software conducts nearly 1,000 on-demand code scans each year and every scan identifies open source software that the organization did not know it was using. In this slideshow, Black Duck has identified five tips enterprises should consider when trying to keep open source code safe.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

blockchain The World According to Blockchain

Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ...  More >>

biometrics Biometrics: Moving Far Beyond Fingerprints

Biometrics are changing the way we think about security. Here are some of the more innovative ways biometrics are being used and what we can expect in the future. ...  More >>

Privacy rollback Security Pros Give Their Opinions on ISP Data Privacy Rollback

IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.