Keeping Open Source Code Safe: 5 Tips for the Enterprise

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Keeping Open Source Code Safe: 5 Tips for the Enterprise-5 Next

'Zombie' Protection

Many organizations use static analysis security testing (SAST) and dynamic analysis security testing (DAST) for monitoring, but while these tools are excellent for finding bugs in code written by internal developers, they are not effective in detecting known open source vulnerabilities in application code. In fact, open source vulnerabilities are far too complex to be found by these automated tools.

Humans can help provide protection from the "zombie" vulnerabilities. In theory, many eyes look at open source code as it's developed, integrated, and deployed; however, in practice, "many eyes" are not always enough. What's missing is ongoing curation. Developers and end users take for granted the security of many projects, but the reality is that too few people maintain piles of code that may be months or even years overdue for security review.

With more than 4,000 security vulnerabilities reported each year – nearly half of them in open source software – it is imperative to know your code. Enterprises need to continuously monitor open source inventory, detect known vulnerabilities and receive alerts as new vulnerabilities that may impact the business are discovered.

Less than half of the respondents to the Black Duck Software "2015 Future of Open Source" survey reported having adequate policies and procedures in place to assure a secure open source selection and approval process. Without this, enterprises cannot truly know their code and lack the necessary visibility and control of open source to secure and manage their environments.

Black Duck Software conducts nearly 1,000 on-demand code scans each year and every scan identifies open source software that the organization did not know it was using. In this slideshow, Black Duck has identified five tips enterprises should consider when trying to keep open source code safe.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

PAM PAM Solutions: Critical to Securing Privileged Access

To protect the company from those insiders who abuse their privileged access and from hackers with stolen credentials, many companies are turning to a privileged access management (PAM) solution. ...  More >>

Fake news How Can We Fix the Fake News Problem?

Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ...  More >>

blockchain The World According to Blockchain

Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.