
BYLINE: Removing A False Sense Of (open source) Security

By Info Security Buzz, May 27, 2020 2:30:00 PM

The rapid pace of modern software development has allowed businesses to transform the way they run – yielding superior customer experiences, greater efficiencies, faster time to market and better cost optimisation. Software has enabled companies to disrupt their business environments by leveraging the agility and speed of change that only software can deliver. The companies that thrive today are those that realise that software innovation can drive agility, create differentiation and provide competitive advantages.

With software so predominant, the use of Open Source Software (OSS) has grown in popularity over the last few years. The enticement of OSS is undeniable, and the vibrant open source community has rallied, resulting in significant contributions to the open source movement. As a result, developers are increasingly turning to OSS to aid their organisation’s transformation.

By embracing OSS, companies realise major economic and productivity benefits, in addition to a positive impact on their bottom line. OSS enables organisations to move even faster by harnessing prefabricated building blocks to bootstrap the software development process and drive forward innovation.

OSS is easy to modify, enhance and integrate, offering a collaborative approach to open source communities. Organisations are using OSS as the architectural foundation for applications, operating systems, databases, development tools, cloud computing and big data. Some of the most popular OSS and associated platforms include Linux, Docker, .NET, Java, Eclipse, Apache, Maven, NodeJS, Drupal, GitHub and Chef.

The amount of open source code from external sources is steadily rising, and developers have become heavily reliant on its use. Open source is an integral technology and business tool, which requires that security be woven into the very fabric of the code. However, there are many application security challenges that need to be understood and addressed accordingly when using open source code. OSS security breaches may be rare, but when OSS components are compromised the result can be havoc. There is a real need to identify, manage and mitigate vulnerabilities quickly and effectively. As companies continually adopt more and more OSS assets, there is a greater emphasis on how OSS needs to be incorporated and managed to make code more secure.

Open source plays a pivotal role in the success and/or failure of software development teams. However, whilst the benefits of OSS are generally understood by the software developer community, the risks may not be. Developers should fully understand that OSS is not immune to security risks. The core security risks in using OSS are similar to those of other types of software assets. All code comes with security risks, and developers mustn’t put undue trust in OSS code. As companies use a greater amount of open source code, it introduces vulnerabilities that expose a company to risks and possible breaches.

The simple truth is that organisations are not effectively dealing with OSS security threats. Since OSS source code is publicly available, hackers with malicious intentions have easy access to information. They can identify and exploit potential failings or loopholes within the software code more easily than in in-house proprietary software. Furthermore, developers may inadvertently use defective components, which may go undetected and get into production environments.



