
Manage Open Source Risk but Keep Engineers Empowered

Recent attacks exploiting vulnerabilities in #opensource code have exacted huge costs from #enterprises, highlighting the criticality of Open Source Security and the need to execute and monitor related security strategies.


Presentation Transcript


  1. Manage Open Source Risk but Keep Engineers Empowered

  2. One of the major challenges faced by developers is to create a unique, customized, and compelling customer experience quickly. As a result, they no longer write all their own code to solve every problem. Instead, they assemble, configure, and automate their code and often rely on common open source components to quickly add application functionality.

     One recent study showed a 21% year-over-year increase in the average number of open source components across the study’s evaluated codebase. However, these same critical open source components continue to present a risk to businesses.

     The State of Open Source Consumption

     According to the latest report on the state of enterprise open source, written by Gordon Haff, a technology evangelist at Red Hat, “95% of respondents say open source is strategically important.”

     The survey of 950 IT leaders was commissioned by Red Hat to better understand the unique role of enterprise open source. Interestingly, the respondents were unaware that Red Hat was the sponsor of this research.

     As part of this survey, “77% of respondents agree enterprise open source will continue to grow. They believe that the growth of open source software will come at the expense of proprietary software. Respondents cite security and cloud management tools as top uses of enterprise open source.”

  3. The Risk involved with Open Source

     • Open Source Security refers to the risks developers and security teams are facing today when running third-party, open source code in their applications, and the processes, methodologies, and tools they are deploying to mitigate them.
     • Open source risk is growing exponentially. Senior Infosec Architects need a 360-degree view of application security issues across the custom code and open source components before it is pushed through to the QA team.
     • 80% of application code comes from open source libraries
     • 62% of organizations do not have any control over what components are used in their applications
     • 31% of organizations experienced a breach related to vulnerable open-source components
     • Open source is powering the digital transformation we are witnessing today and is used by companies of all sizes, across all industry verticals. Yet it also comes with risks. Developers are pulling in vast amounts of open source dependencies without any security control or visibility.
     • Acknowledging these risks is an important first step but should be followed up with investment and maintenance of a well-articulated Open Source Security plan that includes continuous security testing and monitoring.

  4. After prioritization, it is equally imperative to remediate these vulnerabilities automatically. Based on the security vulnerability policies triggered by vulnerability detection & severity, automated remediation workflows can be initiated. A good SCA solution helps you keep your open source components continuously patched to avoid being exposed to known vulnerabilities.

     The main challenge in today’s complex digital world lies in securing your application. With the right Software Composition Analysis solution, you are one step closer to mitigating your open source risk.

     Cigniti invites you to join an interesting webinar where Rajesh Sarangapani, Head of Innovation & Practice at Cigniti, will be joined by Mitun Zavery, Director Pre-Sales Engineering, Sonatype, to discuss how enterprises need to secure not just the code they write, but also the code they consume from open source projects. The session will help the attendees understand the state of open source consumption and the risks involved with it. They will also get an understanding of why Software Composition Analysis is a ‘must have’ and how the open source challenges can be dealt with.

     Register for the webinar and save your spot to listen to some interesting insights on Feb 24th, 2021.

     Being a global leader in independent quality engineering services, Cigniti is a strong advocate of Quality Assurance and its implementation right from the early stages of the software lifecycle. We encourage customer feedback and believe in including such feedback in our broader testing approach. We take great measures to ensure that we are fully equipped with state-of-the-art services and have partnered with other experts that specialize in providing testing services. Talk to us.
