Due to today’s fast-paced development environment, many software projects consist of more than 50% Open Source Software (OSS) components. Of those components as much as 99% are undocumented – leaving your applications vulnerable to security risks. Implementing an Open Source Management strategy allows more visibility into your company’s OSS portfolio. Quickly identify what open source components you have and where they are in your code, effectively eliminating potential vulnerabilities – like the next heartbleed or shellshock. We’ll discuss best practices for implementing a real-world solution, and how to get developer buy-in.
Key Points Covered:
- Heartbleed demonstrated that the typical software company does not know what open source it is using and where it is found
- Open Source appears in many forms from source to binary in a codebase
- Traditional static analysis tools are not sufficient for finding or managing vulnerabilities related to open source component usage
- Companies are not doing enough to educate developers and managers about open source