Keeping Open Source Code Safe: 5 Tips for the Enterprise

1 | 2 | 3 | 4 | 5 | 6 | 7

Keeping Open Source Code Safe: 5 Tips for the Enterprise-4

Kill the Contagion

While security researchers work hard to ferret out vulnerabilities ahead of the black hats, the majority of open source developers are not security experts. Many open source code vulnerabilities arise from misconfiguration by end users. The security landscape is full of traps at many levels.

With modern code bases comprising tens of millions of lines of code, automation is key to realizing the benefits of open source hygiene. While human oversight is necessary and helpful in identifying vulnerabilities, effective hygiene comes from orchestrating automated scanning with build engines and continuous integration platforms. With a comprehensive bill of materials (BOM) for an organization's open source code, you can then perform automated scans to supply critical information about security vulnerabilities, licensing conflicts, and version deprecation and proliferation.

With more than 4,000 security vulnerabilities reported each year – nearly half of them in open source software – it is imperative to know your code. Enterprises need to continuously monitor open source inventory, detect known vulnerabilities and receive alerts as new vulnerabilities that may impact the business are discovered.

Less than half of the respondents to the Black Duck Software "2015 Future of Open Source" survey reported having adequate policies and procedures in place to assure a secure open source selection and approval process. Without this, enterprises cannot truly know their code and lack the necessary visibility and control of open source to secure and manage their environments.

Black Duck Software conducts nearly 1,000 on-demand code scans each year and every scan identifies open source software that the organization did not know it was using. In this slideshow, Black Duck has identified five tips enterprises should consider when trying to keep open source code safe.

More Slideshows

PAM Solutions: Critical to Securing Privileged Access

To protect the company from those insiders who abuse their privileged access and from hackers with stolen credentials, many companies are turning to a privileged access management (PAM) solution. ... More >>

How Can We Fix the Fake News Problem?

Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ... More >>

The World According to Blockchain

Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ... More >>

Subscribe Daily Edge Newsletters

Advertiser Disclosure: Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.