open source security - it can be done easily
TRANSCRIPT
OPEN SOURCE SOFTWARE IS EVERYWHERE
Bitcoin
IoT
Healthcare
Linux
Android
Automotive
Blockchain
Fintech devices
OpenSSL
Apache Struts
Security cameras
Products you ship
Products you buy
Your website
Microwave
YOU USE OSS MORE THAN EVER
More than 95% of IT organizations leverage open-source software assets* (Source: Gartner)
More than 50% of all code written today is Open Source* (Source: Flexera OSS Fact or Fiction report 2017)
More than 25MM repositories of Open Source code exist today* (Source: Github)
YOU ALSO RUN A GROWING RISK OF THREATS
Heartbleed: CVE-2014-0160
Shellshock: CVE-2014-0160
Ghost: CVE-2015-0235
Struts 2: CVE-2017-5638
WE GET THE DILEMMA
Try these steps to find the process that best manages your risk.
You need a simple on-ramp.
You need choices: automated scans, hands-on review, or somewhere in between.
EASILY MANAGE OSS SECURITY
Step 1: Get a team in place.
Step 2: Hook up your security solution.
Step 3: Focus on high priority issues first.
Step 4: Pay attention to alerts.
STEP 1 - GET A TEAM IN PLACE
– Ad hoc or formal
– Legal, security, engineering
FACT: Less than 50% of companies have a team in place to set Open Source policy.*
* Flexera OSS Fact or Fiction report 2017
STEP 2 - HOOK UP YOUR SECURITY SOLUTION
Integrate security scans into your build process.
Get automated, high-level analysis of all your code.
STEP 3 - ELIMINATE HIGH PRIORITY ISSUES
Focus on the highest priority first.
[Dashboard panels: License Exposure, Inventory, Priority, Vulnerability Exposure; 22 vulnerabilities, 32 items]
STEP 4 - PAY ATTENTION TO ALERTS
Continuous monitoring is key. Watch out for alerts if a new vulnerability is discovered in current or shipped products.
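The four steps above describe a process without showing what the build gate (Step 2), the prioritization (Step 3) and the shipped-product alert (Step 4) look like in practice. The script below is an added illustration written for this transcript; it is not Flexera's code and does not model any Flexera product. The component names, version numbers, advisory identifiers and CVSS scores are all constructed sample data, and the version matching assumes simple dotted numeric versions.

```python
"""Added example: build gate, prioritization and shipped-product alerts over an
OSS inventory. All component names, versions, advisory ids and scores below are
constructed sample data, not real advisories."""
from dataclasses import dataclass


def parse_version(version: str) -> tuple:
    """Turn a dotted numeric version ('2.5.10') into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # placeholder id, not a real CVE
    component: str
    first_affected: str   # lowest affected version (inclusive)
    fixed_in: str         # first version that is NOT affected
    cvss: float


def is_affected(version: str, adv: Advisory) -> bool:
    """True when `version` falls inside the advisory's affected range."""
    v = parse_version(version)
    return parse_version(adv.first_affected) <= v < parse_version(adv.fixed_in)


def prioritize(inventory: dict, advisories: list) -> list:
    """Step 3: list every (cvss, component, version, advisory_id) finding,
    highest score first, so the team works the worst issue first."""
    findings = []
    for name, version in inventory.items():
        for adv in advisories:
            if adv.component == name and is_affected(version, adv):
                findings.append((adv.cvss, name, version, adv.advisory_id))
    return sorted(findings, reverse=True)


def build_gate(inventory: dict, advisories: list, threshold: float = 7.0) -> list:
    """Step 2: the findings that should fail the build. An empty list means
    the build may proceed; a non-empty list is the reason it is blocked."""
    return [f for f in prioritize(inventory, advisories) if f[0] >= threshold]


def shipped_products_hit(shipped: dict, new_advisory: Advisory) -> list:
    """Step 4: when a new advisory arrives, name the shipped products whose
    inventory contains an affected version of that component."""
    hits = []
    for product, inventory in shipped.items():
        version = inventory.get(new_advisory.component)
        if version is not None and is_affected(version, new_advisory):
            hits.append(product)
    return sorted(hits)


# Constructed inventory of the current build (names and versions are made up).
INVENTORY = {"libfoo": "1.2.3", "webframework": "2.5.10", "util": "0.9.1"}

# Constructed advisory feed with placeholder identifiers.
ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "webframework", "2.5.0", "2.5.11", 9.8),
    Advisory("ADV-EXAMPLE-002", "util", "0.9.0", "0.9.2", 4.3),
    Advisory("ADV-EXAMPLE-003", "libfoo", "2.0.0", "2.0.4", 7.5),
]

# Constructed bill of materials for products already shipped to customers.
SHIPPED = {
    "product-a": {"webframework": "2.5.10", "libfoo": "1.2.3"},
    "product-b": {"webframework": "2.5.12"},
    "product-c": {"util": "0.9.1"},
}

if __name__ == "__main__":
    for cvss, name, version, adv_id in prioritize(INVENTORY, ADVISORIES):
        print(f"{cvss:>4}  {name} {version}  ({adv_id})")
    blocking = build_gate(INVENTORY, ADVISORIES)
    print("build gate:", "BLOCKED" if blocking else "ok", blocking)
    print("shipped products hit by ADV-EXAMPLE-001:",
          shipped_products_hit(SHIPPED, ADVISORIES[0]))
```

With the sample data, `libfoo` 1.2.3 sits below the affected range of ADV-EXAMPLE-003 and produces no finding, the 9.8-scored `webframework` finding blocks the build on its own, and the same advisory flags only `product-a`, because `product-b` already ships a fixed version. The 7.0 gate threshold is an assumption; a team would tune it to its own risk appetite.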
WHAT ABOUT HIGH RISK PROJECTS?
Good question! Dial up the depth of analysis to include:
Containers
Build dependencies
Source code
"Copy + paste" source code
Multimedia files
Binaries
MANAGE THAT SOFTWARE SUPPLY CHAIN!
Your code
Supplier code
Open source projects
Partner code
AND TAKE CONTROL OF OPEN SOURCE SOFTWARE
GET CLEAN, STAY CLEAN WITH FLEXERA
ALERT to new OSS vulnerabilities
MANAGE OSS vulnerabilities
COMPLY with OSS licenses
SELECT secure OSS components
TRACK OSS usage
EXPLORE SOME RESOURCES
Follow our BLOG
Read our RESEARCH REPORTS
Explore OSS TRENDS & PREDICTIONS FOR 2018