2. OPEN SOURCE SOFTWARE IS EVERYWHERE
Bitcoin, IoT, healthcare, Linux, Android, automotive, blockchain, fintech devices, OpenSSL, Apache Struts, security cameras, products you ship, products you buy, your website, your microwave.
3. YOU USE OSS MORE THAN EVER
More than 95% of IT organizations leverage open-source software assets.* Source: Gartner
More than 50% of all code written today is open source.* Source: Flexera OSS Fact or Fiction report 2017
More than 25MM repositories of open-source code exist today.* Source: GitHub
4. YOU ALSO RUN A GROWING RISK OF THREATS
Heartbleed: CVE-2014-0160
Shellshock: CVE-2014-6271
GHOST: CVE-2015-0235
Struts 2: CVE-2017-5638
6. YOU NEED TO TAKE ACTION, BUT IT'S NOT EASY
So much code, so little time.
7. WE GET THE DILEMMA
Try these steps to find the process that best manages your risk.
You need a simple on-ramp.
You need choices: automated scans, hands-on review, or somewhere in between.
8. EASILY MANAGE OSS SECURITY
Step 1: Get a team in place.
Step 2: Hook up your security solution.
Step 3: Focus on high priority issues first.
Step 4: Pay attention to alerts.
9. STEP 1 - GET A TEAM IN PLACE
– Ad hoc or formal
– Legal, security, engineering
FACT: Less than 50% of companies have a team in place to set open source policy.*
* Flexera OSS Fact or Fiction report 2017
10. STEP 2 - HOOK UP YOUR SECURITY SOLUTION
Integrate security scans into your build process.
Get automated, high-level analysis of all your code.
11. STEP 3 - ELIMINATE HIGH PRIORITY ISSUES
Focus on the highest priority first.
[Dashboard panels: Vulnerability exposure (22 vulnerabilities), License exposure (32 items), Inventory priority (32 items)]
12. STEP 4 - PAY ATTENTION TO ALERTS
Continuous monitoring is key.
Watch for alerts whenever a new vulnerability is discovered in a component used by your current or already-shipped products.
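Steps 2 to 4 above describe a process rather than a tool. The script below is an added example, not Flexera's product or code, of what the core of that process looks like in a build pipeline: a constructed component inventory (what a build step would extract from a lockfile or SBOM) is matched against a constructed advisory table built around the CVEs the deck names, findings are ordered by severity so the highest priority is handled first, the build fails above a threshold, and a rerun reports only findings that are new since the previous run. The version comparison, the advisory ranges, the illustrative scores and the product names are all assumptions made for this example.

```python
"""Added example, not Flexera's product or code: a minimal build-time
OSS vulnerability gate covering Steps 2 to 4. Inventory, advisory ranges
and scores are constructed for illustration. Version handling is
simplified: dotted numeric parts with an optional OpenSSL-style patch
letter, compared as tuples.
"""
import re
from dataclasses import dataclass

Version = tuple[int, ...]


def parse_version(text: str) -> Version:
    """'1.0.1f' -> (1,0, 0,0, 1,6): every dotted part becomes (number, letter index)."""
    parts: list[int] = []
    for piece in text.split("."):
        m = re.fullmatch(r"(\d+)([a-z]?)", piece)
        if m is None:
            raise ValueError(f"unsupported version string: {text!r}")
        parts.append(int(m.group(1)))
        parts.append(ord(m.group(2)) - ord("a") + 1 if m.group(2) else 0)
    return tuple(parts)


@dataclass(frozen=True)
class Advisory:
    cve: str
    component: str
    introduced: str  # first affected version, inclusive
    fixed: str       # first fixed version, exclusive
    score: float     # illustrative CVSS-style score, used only for ordering


# Constructed advisory table around the CVEs the deck names. Ranges are
# simplified to one or two release branches each; a real gate would pull
# them from an advisory feed rather than hard-code them.
ADVISORIES = [
    Advisory("CVE-2014-0160", "openssl", "1.0.1", "1.0.1g", 7.5),        # Heartbleed
    Advisory("CVE-2014-6271", "bash", "4.3", "4.3.25", 9.8),             # Shellshock, 4.3 branch
    Advisory("CVE-2015-0235", "glibc", "2.2", "2.18", 10.0),             # GHOST
    Advisory("CVE-2017-5638", "struts2-core", "2.3.5", "2.3.32", 10.0),  # Struts 2, 2.3 branch
    Advisory("CVE-2017-5638", "struts2-core", "2.5", "2.5.10.1", 10.0),  # Struts 2, 2.5 branch
]

# Constructed inventory: component, version, and the product that ships it.
INVENTORY = [
    {"component": "openssl", "version": "1.0.1f", "product": "gateway 2.1"},
    {"component": "openssl", "version": "1.0.2k", "product": "portal 3.0"},
    {"component": "struts2-core", "version": "2.5.10", "product": "portal 3.0"},
    {"component": "glibc", "version": "2.19", "product": "gateway 2.1"},
    {"component": "bash", "version": "4.3.30", "product": "gateway 2.1"},
]


@dataclass(frozen=True)
class Finding:
    cve: str
    component: str
    version: str
    product: str
    score: float


def is_affected(adv: Advisory, version: str) -> bool:
    """introduced <= version < fixed, compared on the parsed tuples."""
    v = parse_version(version)
    return parse_version(adv.introduced) <= v < parse_version(adv.fixed)


def scan(inventory, advisories) -> list[Finding]:
    """Steps 2/3: match every inventory item against every advisory and
    return findings highest score first, so the top of the list is what
    to fix first."""
    findings = [
        Finding(adv.cve, item["component"], item["version"], item["product"], adv.score)
        for item in inventory
        for adv in advisories
        if adv.component == item["component"] and is_affected(adv, item["version"])
    ]
    return sorted(findings, key=lambda f: (-f.score, f.cve, f.product))


def should_block_build(findings: list[Finding], threshold: float = 9.0) -> bool:
    """Step 2 gate: fail the build if any finding is at or above the threshold."""
    return any(f.score >= threshold for f in findings)


def new_findings(findings: list[Finding],
                 previously_seen: set[tuple[str, str, str]]) -> list[Finding]:
    """Step 4: on a rerun against a refreshed advisory table, alert only on
    (cve, component, product) triples that the previous run did not report."""
    return [f for f in findings if (f.cve, f.component, f.product) not in previously_seen]


if __name__ == "__main__":
    results = scan(INVENTORY, ADVISORIES)
    for f in results:
        print(f"{f.score:>5}  {f.cve}  {f.component} {f.version}  ({f.product})")
    print("block build:", should_block_build(results))
    # Pretend the previous run had already reported Heartbleed on the gateway.
    seen = {("CVE-2014-0160", "openssl", "gateway 2.1")}
    print("new since last run:", [f.cve for f in new_findings(results, seen)])
```

Two details matter in practice. First, the inventory carries the product that ships each component, so an alert can say which shipped product is exposed, not just which library. Second, the "new since last run" diff is keyed on (CVE, component, product) rather than on the whole finding, so a version bump that does not leave the affected range is still reported as the same open issue rather than as a fresh alert.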
13. WHAT ABOUT HIGH RISK PROJECTS?
Good question! Dial up the depth of analysis to include: containers, build dependencies, source code, "copy + paste" source code, multimedia files, binaries.
14. MANAGE THAT SOFTWARE SUPPLY CHAIN!
Your code, supplier code, open source projects, partner code.
15. AND TAKE CONTROL OF OPEN SOURCE SOFTWARE
Get clean, stay clean with Flexera.
ALERT to new OSS vulnerabilities
MANAGE OSS vulnerabilities
COMPLY with OSS licenses
SELECT secure OSS components
TRACK OSS usage