Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, open source license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com
SECURITY SPOTLIGHT
Open Source Security and Management Practices Have Not Kept Pace With Rapid Adoption
Survey findings shown in the infographic:
... of respondents have NO formal policy for selecting and approving open source code
... said they don't have formal processes in place to track OS code
... are tracking open source use manually by development teams
... review code for open source content only under special circumstances
... of survey takers have no process for identifying, tracking or remediating known open source vulnerabilities
... are asking developers about open source content
30% are using third party tools to scan for open source content
Figures shown beside these statements in the infographic: NEARLY, NEARLY, 50%, 47%, 48%, 21%, 58%, 1/3

Infographic panels:
Companies Aren't Tracking Their Open Source Code
Reviewing Code For Open Source Content Is Still Haphazard
How Companies Handle Known Vulnerabilities
Understanding Your Open Source Code

Who Handles Known Vulnerabilities
1/2 of respondents said that no one has responsibility for identifying & tracking remediation
33%: Development organizations are more likely to have responsibility for identifying and tracking vulnerability remediation than security organizations
Future of Open Source 2016 collaborators: Abilian, Acquia, Ant Systems, Appnovation, Appsembler, Ardent Technologies, Inc., Bareos GmbH & Co. KG, Black Duck Software, Capital One, Chamilo, Chef, CloudFoundry Corp, Confer, Coolan, Couchbase, Credativ, DEIS/Engineyard, Eclipse Foundation, EnterpriseDB, Evolveum, Grid Protection Alliance, Hewlett Packard, InfoSys, JFrog, Linux Foundation, Linux Professional Institute, MARSEC, Microsoft, MassTLC, Miracl, nexB, NGINX, North Bridge, Open Source Business (OSB) Alliance, Open Source EHR Alliance, Open Source Initiative (OSI), OpenClinic, Open-Xchange, Opmantek, OpusVL, Pentaho, Ravel Law, Red Hat, Rift-io, SDH Institute, Tecnisys, The Apache Software Foundation, The Document Foundation, Ubuntu, Univention, VoltDB, Wikibon, WIPRO and WP Engine. *platinum collaborators are in bold
Growing Opportunity for Policies & Procedures
Future of Open Source Survey 2016