dcsimg

Keeping Open Source Code Safe: 5 Tips for the Enterprise

  • Keeping Open Source Code Safe: 5 Tips for the Enterprise-

    Bust the GHOSTs

    "GHOST" is a known open source security vulnerability that was found in a key component of Linux systems – the Linux GNU C Library that is used by all Linux programs. It was found in a function used to convert Internet host names to Internet addresses. If an attacker found vulnerable software and a way to transfer a properly crafted host name up to this function, the attacker could, in theory, take control of the system. The vulnerability affected almost all major Linux distributions.

    There are lots of potential GHOSTs in open source software, and the way to bust them is to have a repeatable, automated process to detect known vulnerabilities in your code base before they wreak havoc. That havoc can take the form of lost data, compromised customer information, business disruption, brand damage and costly remediation. Armed with information about where known vulnerabilities are located, remediation efforts can be accelerated and GHOSTs busted before they can scare anyone.

1 | 2 | 3 | 4 | 5 | 6 | 7

Keeping Open Source Code Safe: 5 Tips for the Enterprise

  • 1 | 2 | 3 | 4 | 5 | 6 | 7
  • Keeping Open Source Code Safe: 5 Tips for the Enterprise-2

    Bust the GHOSTs

    "GHOST" is a known open source security vulnerability that was found in a key component of Linux systems – the Linux GNU C Library that is used by all Linux programs. It was found in a function used to convert Internet host names to Internet addresses. If an attacker found vulnerable software and a way to transfer a properly crafted host name up to this function, the attacker could, in theory, take control of the system. The vulnerability affected almost all major Linux distributions.

    There are lots of potential GHOSTs in open source software, and the way to bust them is to have a repeatable, automated process to detect known vulnerabilities in your code base before they wreak havoc. That havoc can take the form of lost data, compromised customer information, business disruption, brand damage and costly remediation. Armed with information about where known vulnerabilities are located, remediation efforts can be accelerated and GHOSTs busted before they can scare anyone.

With more than 4,000 security vulnerabilities reported each year – nearly half of them in open source software – it is imperative to know your code. Enterprises need to continuously monitor open source inventory, detect known vulnerabilities and receive alerts as new vulnerabilities that may impact the business are discovered.

Less than half of the respondents to the Black Duck Software "2015 Future of Open Source" survey reported having adequate policies and procedures in place to assure a secure open source selection and approval process. Without this, enterprises cannot truly know their code and lack the necessary visibility and control of open source to secure and manage their environments.

Black Duck Software conducts nearly 1,000 on-demand code scans each year and every scan identifies open source software that the organization did not know it was using. In this slideshow, Black Duck has identified five tips enterprises should consider when trying to keep open source code safe.