Keeping Open Source Code Safe: 5 Tips for the Enterprise


Beware 'The Grim Breachers'

They can kill your brand and deplete your cash. One way to keep "The Grim Breachers" at bay is to know your code. Only by having visibility into the open source code in your applications and containers can you have the control you need to secure and manage that code. It seems straightforward, but 99 percent of Black Duck on-demand scan audits find unknown open source. And the "2015 Future of Open Source" survey showed that more than 55 percent of companies lack policies for open source use, more than 50 percent were unhappy with their visibility into security vulnerabilities, and only 16 percent have an automated code approval process.

Although 95 percent of organizations rely on open source for at least some part of their operations, most companies don't have accurate information about the open source they're using, or whether that open source has any known security vulnerabilities. What's required is automation for visibility and control: identifying the inventory, mapping it to all known open source security vulnerabilities, providing comprehensive license compliance information, and issuing alerts if any new known vulnerabilities are found. It's important to know your code.

With more than 4,000 security vulnerabilities reported each year – nearly half of them in open source software – it is imperative to know your code. Enterprises need to continuously monitor open source inventory, detect known vulnerabilities and receive alerts as new vulnerabilities that may impact the business are discovered.
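The inventory-to-vulnerability mapping and "alert on newly disclosed issues" loop described above, as an added illustration in Python (not Black Duck's product or code). Package names, versions and advisory ids are constructed placeholders; the version comparison is numeric so that 1.2.10 is correctly treated as newer than 1.2.9.

```python
"""Minimal open source inventory-to-advisory matcher (illustrative, constructed data)."""
from dataclasses import dataclass
from typing import Optional


def parse_version(v: str) -> tuple:
    """Turn '1.2.10' into (1, 2, 10) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str         # constructed placeholder id, not a real CVE
    package: str
    introduced: str          # first affected version (inclusive)
    fixed: Optional[str]     # first fixed version (exclusive); None = no fix published yet


def is_affected(version: str, adv: Advisory) -> bool:
    """True when the installed version lies in [introduced, fixed)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed is None or v < parse_version(adv.fixed)


def match_inventory(inventory: dict, advisories: list) -> dict:
    """Map each inventoried component to the ids of the advisories that affect it."""
    hits = {}
    for adv in advisories:
        ver = inventory.get(adv.package)
        if ver is not None and is_affected(ver, adv):
            hits.setdefault(adv.package, []).append(adv.advisory_id)
    return hits


def new_alerts(previous: dict, current: dict) -> dict:
    """Advisories absent from the previous scan: the 'alert on new vulnerabilities' step."""
    out = {}
    for pkg, ids in current.items():
        fresh = [i for i in ids if i not in previous.get(pkg, [])]
        if fresh:
            out[pkg] = fresh
    return out


# Constructed sample inventory and advisory feed (hypothetical names and ids).
INVENTORY = {"libfoo": "1.2.10", "libbar": "2.0.0", "libbaz": "0.9.1"}
ADVISORIES = [
    Advisory("ADV-0001", "libfoo", "1.0.0", "1.2.9"),  # fixed before 1.2.10: not affected
    Advisory("ADV-0002", "libfoo", "1.2.0", "1.3.0"),  # 1.2.10 is inside the range
    Advisory("ADV-0003", "libbar", "2.0.0", None),     # no fix yet: still affected
    Advisory("ADV-0004", "libqux", "1.0.0", "1.0.1"),  # not in our inventory
]
```

Running `match_inventory(INVENTORY, ADVISORIES)` on a schedule and diffing with `new_alerts` against the previous result yields only the newly matched advisories, which is the alert stream the text calls for.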

Less than half of the respondents to the Black Duck Software "2015 Future of Open Source" survey reported having adequate policies and procedures in place to assure a secure open source selection and approval process. Without this, enterprises cannot truly know their code and lack the necessary visibility and control of open source to secure and manage their environments.

Black Duck Software conducts nearly 1,000 on-demand code scans each year and every scan identifies open source software that the organization did not know it was using. In this slideshow, Black Duck has identified five tips enterprises should consider when trying to keep open source code safe.
