[infographic] are we really securing our applications?

ARE WE REALLY SECURING OUR APPLICATIONS? 0 1 0 1 1 0 1 0 0 0 0 1 0 0 1 1 1 1 1 0 1 0 0 0 These days, of an application is assembled from open source components. 80 % Forever changing the way we develop software... Open Source Software Usage Has Exploded 2012: 8 Billion 2013: 12 Billion! POLICIES ARE NOT OPEN SOURCE IS POPULAR Psssst; and of those policies don’t even address security 29% Yet only of organizations have policies governing component usage. 57% of all applications contain a critical ﬂaw in at least one open source component 71% Using risky components is now #9 on OWASP’s Top 10 Application Security Concerns. In manufacturing we call this a “Bill of Materials” And, nearly of organizations don’t know which components are used in their applications. 2/3 40% Security is a top concern 60% Not focused on it. Don’t have time. Someone else is responsible. of developers are not concerned about security 60% Today’s popular application “scanning” tools don’t assess components (or their dependencies) Plus, most application security methods can’t see components. We are NOT eﬀectively securing our applications CONCLUSION: Continuous monitoring —— new vulnerabilities are always being discovered, you need to know where you are at risk. 5 Governance across the software lifecycle —— policies that are enforced across the DevOps toolchain ensure defense-in-depth. 4 Developer control —— provide information within the IDE to make it easy for developers to pick the best components from the start. 3 Automated OSS governance —— manual processes just don’t work! 2 Application “Bill of Materials” —— you need to know what’s in your apps. 1 Top 5 Ingredients to secure apps composed with open source: SOURCE: Sonatype 2013 survey of 3500 developers, architects and managers across all industries, company sizes and geographic regions – making it the largest, most comprehensive survey of its kind. www.sonatype.com/survey2013 www.sonatype.com White paper: Learn how to minimize risk in open source-based applications.

Upload: sonatype-corp

Post on 22-Nov-2014

197 views

Category:

Technology

3 download

Report

Download

Embed Size (px):

DESCRIPTION

Eye-opening statistics about the lack of open source governance in the application development process. Based on a 2013 survey of 3500 developers, architects and managers across many industries.

TRANSCRIPT

ARE WE REALLY SECURINGOUR APPLICATIONS?

01011010

00010011

11101000

These days,

of an application is

assembled from open

source components.

80%

Forever changing the way we develop software...

Open Source Software Usage Has

Exploded2012: 8 Billion

2013: 12 Billion!

POLICIESARE NOT

OPEN SOURCE IS POPULAR

Psssst; and of those policies don’t even address security

29%

Yet only of

organizations have policies

governing component usage.

57%

of all applications contain

a critical flaw in at least one open

source component

71%

Using risky components is now #9 on OWASP’s Top 10 Application Security Concerns.

In manufacturing we call this a “Bill of Materials”

And, nearly of

organizations don’t know

which components are

used in their applications.

2/3

40% Security is a top concern

60% Not focused on it. Don’t have time.Someone else is responsible.

of developers are not

concerned about security60%

Today’s popular application “scanning” tools don’t assess components (or their dependencies)

Plus, most application security methods can’t see components.

We are NOT effectively securing our applicationsCONCLUSION:

Continuous monitoring —— new vulnerabilities are always being discovered, you need to know where you are at risk.

Governance across the software lifecycle —— policies that are enforcedacross the DevOps toolchain ensure defense-in-depth.

Developer control —— provide information within the IDE to make it easyfor developers to pick the best components from the start.

Automated OSS governance —— manual processes just don’t work!2

Application “Bill of Materials” —— you need to know what’s in your apps. 1

Top 5 Ingredients to secure apps composed with open source:

SOURCE: Sonatype 2013 survey of 3500 developers, architects and managers across all industries, company sizes and geographic regions – making it the largest, most comprehensive survey of its kind. www.sonatype.com/survey2013www.sonatype.com

White paper: Learn how to minimize risk in open source-based applications.

http://img.en25.com/Web/SonatypeInc/%7Bc5422af4-71c5-42d1-aa7d-560833e86ec3%7D_sonatype_wp_clm_R.pdf

http://blog.sonatype.com/people/2013/04/sonatype-announces-results-from-oss-survey/#.UlMlBCR56jd

It's Time to Really See Your Supply Chain [infographic]

Module 4: Securing the Web Server 1. Overview Securing IIS Securing Apache 2

Securing small Securing small business business

Securing Debian Manual – securing-debian-howto.pt-br.pdf

INFOGRAPHIC: Can Facebook, Twitter And Linkedin Really Get You A Job? - BusinessInsider

Securing Your Commerce Business Infographic

BYODdocs.ismgcorp.com/files/transcripts/ISMG_byod_panel...perspective, it’s really about securing the user and BYOD is an opportunity, really the first time employees are being enabled

Connected Retail Wi-Fi Infographic - Deliver Network …Connected Retail Wi-Fi Infographic Subject In retail, physical is the new digital. Explore the four core pillars of securing

CARM infographic 2016 CARM In Numbers - Exclusive Networks · 7. 2016 Gartner CIO Agenda Report 8. KPMG – Securing the beneﬁts of industry digitization, a report for Vodafone