Upload File

security spotlight - info.blackducksoftware.com · bareos gmbh & co. kg, black duck software,...

  • Home
  • Documents
  • SECURITY SPOTLIGHT - info.blackducksoftware.com · Bareos GmbH & Co. KG, Black Duck Software, Capital One, Chamilo, Chef, CloudFoundry Corp, Confer, Coolan, Couchbase, Credativ, DEIS/Engineyard,
1
Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, open source license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com SECURITY SPOTLIGHT Open Source Security and Management Practices Have Not Kept Pace With Rapid Adoption of respondants have NO formal policy for selecting and approving open source code said they don’t have formal processes in place to track OS code are tracking open source use manually by development teams review code for open source content only under special circumstances of survey takers have no process for identifying, tracking or remediating known open source vulnerabilities NEARLY NEARLY 50% 47% 48 % are asking developers about open source content 30 % are using third party tools to scan for open source content 21 % 58% 1/3 Reviewing Code For Open Source Content Is Still Haphazard How Companies Handle Known Vulnerabilities Companies Aren’t Tracking Their Open Source Code Understanding Your Open Source Code of respondents said that no one has responsibility for identifying & tracking remediation 1/2 Who Handles Known Vulnerabilities 33% Development organizations are more likely to have responsibility for identifying and tracking vulnerability remediation than security organizations Future of Open Source 2016 collaborators: Abilian, Acquia, Ant Systems, Appnovation, Appsembler, Ardent Technologies, Inc., Bareos GmbH & Co. KG, Black Duck Software, Capital One, Chamilo, Chef, CloudFoundry Corp, Confer, Coolan, Couchbase, Credativ, DEIS/Engineyard, Eclipse Foundation, EnterpriseDB, Evolveum, Grid Protection Alliance, Hewlett Packard, InfoSys, JFrog, Linux Foundation, Linux Professional Institute, MARSEC, Microsoft, MassTLC, Miracl, nexB, NGINX, North Bridge, Open Source Business (OSB) Alliance, Open Source EHR Alliance, Open Source Initiative (OSI), OpenClinic, Open-Xchange, Opmantek, OpusVL, Pentaho, Ravel Law, Red Hat, Rift-io, SDH Institute, Tecnisys, The Apache Software Foundation, The Document Foundation, Ubuntu, Univention, VoltDB, Wikibon, WIPRO and WP Engine. *platinum collaborators are in bold Growing Opportunity for Policies & Procedures Future of Open Source Survey 2016

Upload: phungtuyen

Post on 06-Sep-2018

216 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: SECURITY SPOTLIGHT - info.blackducksoftware.com · Bareos GmbH & Co. KG, Black Duck Software, Capital One, Chamilo, Chef, CloudFoundry Corp, Confer, Coolan, Couchbase, Credativ, DEIS/Engineyard,

Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, open source license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com

SECURITY SPOTLIGHT

Open Source Security and Management Practices

Have Not Kept Pace With Rapid Adoption

of respondants have NO formal policy for selecting and approving open source code

said they don’t have formal processes in

place to track OS code

are tracking open source use manually

by development teams

review code for open source content only under special circumstances

of survey takers have no process for identifying, tracking or remediating known open source vulnerabilities

NEARLY

NEARLY

50%

47%

48%

are asking developers about

open source content

30%are using third party

tools to scan for open source content

21%

58%

1/3

Reviewing Code For Open Source Content Is Still Haphazard

How Companies Handle Known Vulnerabilities

Companies Aren’t Tracking Their Open Source Code

Understanding Your Open Source Code

of respondents said that no one has responsibility for

identifying & tracking remediation1/2

Who Handles Known Vulnerabilities

33%Development organizations are more likely to have responsibility for identifying and tracking vulnerability remediation than security organizations

Future of Open Source 2016 collaborators: Abilian, Acquia, Ant Systems, Appnovation, Appsembler, Ardent Technologies, Inc., Bareos GmbH & Co. KG, Black Duck Software, Capital One, Chamilo, Chef, CloudFoundry Corp, Confer, Coolan, Couchbase, Credativ, DEIS/Engineyard, Eclipse Foundation, EnterpriseDB, Evolveum, Grid Protection Alliance, Hewlett Packard, InfoSys, JFrog, Linux Foundation, Linux Professional Institute, MARSEC, Microsoft, MassTLC, Miracl, nexB, NGINX, North Bridge, Open Source Business (OSB) Alliance, Open Source EHR Alliance, Open Source Initiative (OSI), OpenClinic, Open-Xchange, Opmantek, OpusVL, Pentaho, Ravel Law, Red Hat, Rift-io, SDH Institute, Tecnisys, The Apache Software Foundation, The Document Foundation, Ubuntu, Univention, VoltDB, Wikibon, WIPRO and WP Engine. *platinum collaborators are in bold

Growing Opportunity for Policies & Procedures

Future of Open Source Survey 2016

TEDESCO - WEDCO | HOME · 2019. 12. 16. · radial driven tool radial driven tool radial driven radial driven tool with internal coolan t radial tool reinforced radial orrven tool

Ubuntu everywhereodm.ubuntu.com/uhs/2011/Keynote Ubuntu Everywhere.pdf · Cloud Foundry, EngineYard, Active State & Heroku VMWare's public CloudFoundry Services is hosted on Ubuntu

pg Day Israel 2018 Taking Caremme/2018/PgDay_IL_V01.pdf · 2018. 4. 9. · credativ 2018 pg Day Israel 2018 • 1992 – 1996 Ph.D. • 1996 – 1998 Project Manager • 1998 –

Fred Cassirer Making sense of cloud July 13, 2012aoc-gardenstate.org/archive/Cloud Overview July 13.pdf · 2014. 3. 9. · Rackspace, Nebula, Eucalyptus 2010 PaaS G1 EngineYard, Heroku,

Für automatischen Wechsel - laip.es · PDF fileHSK 5 DIN 69893˜HSK FORMA A DIN 69893˜HSK FORM A DIN 69893˜HSK FORM A For automatic change. Central and ˜ange through coolan t Para

The Seneca Pattern at EngineYard Distill 2013 Conference

TEDESCO - mtmarchetti.com · radial driven tool radial driven tool radial driven radial driven tool with internal coolan t radial tool reinforced radial orrven tool radial driven

Belle-20151125130036 EXTENDED LIFE COOLAN… · Review all operations which have the potential of ... mixing, agitation, and vacuum truck operations) and use ... refer to OSHA Standard

AZURE REGIONS - download.microsoft.comdownload.microsoft.com/.../2016-01-Azure...webinar.pdf · Debian on Azure Microsoft partnered with Credativ, a member of the Linux Foundation,

Gregory Love and William Platt - "Badgeville For Yammer & Engineyard"

PostgreSQL on Power - IBM · 2016-10-07 · credativ 2016 PostgreSQL on Power FOSS Spezialisten Kompletter Stack Supported Alle großen Open Source Projekte • Über 60 Mitarbeiter

PostgreSQL Functions By Example - joeconway.com · Overview Function Basics By Example PostgreSQL Functions By Example Joe Conway [email protected] credativ Group January 20,

Making apt.postgresql.org a Reality · Making apt.postgresql.org a Reality ChristophBerg Debian PostgreSQL credativ GmbH February3,2013 Christoph

Intro to Advanced Analytics with PL/R - SCALE€¦ · Intro to Advanced Analytics with PL/R Joe Conway credativ GmbH / credativ Ltd. / credativ, LLC February 25, 2011 Joe Conway SCALE9X

MOTOREX CHALLENGE AND PRODUCT SUPPORT …...CHAIN LUBE RACING RACING COOLAN M5.O BIKE GREASE 2000 FIM INTERNATIONAL 6 DAYS OF ENDURO Oil of Switzerland 2016 OFFICIAL SPONSOR FORMU

Porting Oracle Applications to PostgreSQL - PGCon 2018 · Porting Oracle Applications to PostgreSQL Peter Eisentraut, credativ GmbH / credativ Ltd. ... Porting is usually straightforward,

Shelly Cloud, Heroku EngineYard fileEngineYard supports: PHP, Ruby, Node.js ShellyCloud is Ruby oriented. FREE plans Application with only 1 worker is always FREE at Heroku. Engine

An Elephant's Habitataso/2019.pgconf.eu.pdfI Flexible for new services and metrics I Easy to maintain and automate Alexander Sosna credativ GmbH22