It's 2018. Are you still shipping vulnerable code? Find out how to get started easily with open source security and compliance.

1. GET STARTED WITH
OPEN SOURCE SECURITY

2. OPEN SOURCE SOFTWARE IS EVERYWHERE
B I TC O I N
I OT
H EA LT H C A R EL I N U X
A N D R O I D
AU TO M OT I V E
B LO C KC H A I N
F I N T E C H D E V I C E S
O P E N S S L
A PA C H E
S T R U T S
S E C U R I T Y
C A M E R A S
P R O D U C T S
YO U S H I P
P R O D U C T S
YO U B U Y
YO U R
W E B S I T E
M I C R OWAV E

3. 95% 50% 25MM
YOU USE OSS MORE THAN EVER
MORE THAN
of IT organizations
leverage open-source
software assets*
Source: Gartner
MORE THAN
of all code written
today is Open Source*
Source: Flexera OSS Fact or Fiction report 2017
MORE THAN
repositories of Open
Source code exist today*
Source: Github

4. YOU ALSO RUN A GROWING RISK OF THREATS
H E A R T B L E E D
CVE-2014-0160
S H E L L S H O C K
CVE-2014-0160
G H O S T
CVE-2015-0235
S T R U T S 2
CVE-2017-5638

5. THAT CAN THREATEN YOUR BRAND
YOUR SE CURITY YOUR IP YOUR RE PUTATION

6. YOU NEED TO TAKE ACTION, BUT ITS NOT EASY
So much code,
6
so little time.

7. WE GET THE DILEMMA
Try these steps to find your best
process manage your risk.
You need a
Simple On-ramp.
You need choices
Automated scans, hands-on, or
somewhere in between.

8. EASILY MANAGE OSS SECURITY
Step 1: Get a team in place.
Step 2: Hook up your security solution.
Step 3: Focus on high priority issues first.
Step 4: Pay attention to alerts.

9. –Ad hoc or formal
–Legal, security, engineering
FACT: Less than 50%
of companies have
a team in place to set
Open Source policy.
* Flexera OSS Fact or Fiction report 2017
STEP 1 - GET A TEAM IN PLACE
*

10. STEP 2 - HOOK UP YOUR SECURITY SOLUTION
Integrate security scans into your build process
Get Automated high level analysis of all
your Code

11. STEP 3 - ELIMINATE HIGH PRIORITY ISSUES
Focus on the highest priority first
LICENSE EXPOSURE INVENTORY PRIORITY
22VULNERABILITIES
32
ITEMS
32
ITEMS
VULNERABILITY
EXPOSURE

12. STEP 4 - PAY ATTENTION TO ALERTS
Continuous
monitoring is key
Watch out for alerts if a new vulnerability is
discovered in current or shipped products

13. WHAT ABOUT HIGH RISK PROJECTS?
Good question! Dial up the depth of analysis to include
CONTAI NERS B UI L D
DEPENDENCI ES
SOURCE CODE
“ COPY + PAST E”
SOURCE CODE
MULT I MEDI A F I L ESB I NARI ES

14. MANAGE THAT SOFTWARE SUPPLY CHAIN!
YO UR
CO DE
S UPPLIE R
CO DE
O PE N S O UR CE
PR O JE CTS
PA R TNE R
CO DE

15. AND TAKE CONTROL OF OPEN SOURCE SOFTWARE
G E T C L E A N ,
S T A Y C L E A N
W I T H
F L E X E R A
AL ERT
To New OSS Vulnerabilities
MANAGE
OSS Vulnerabilities
COMPLY
With OSS Licenses
SEL EC T
Secure OSS Components
T RACK
OSS Usage

16. EXPLORE SOME RESOURCES
Follow our
BLOG
Read our
RESEARCH
REPORTS
Explore
OSS TRENDS
&PREDICTIONS
FOR 2018

17. WE’RE REIMAGINING
THE WAY SOFTWARE IS
BOUGHT
SOLD
MANAGED
SECURED

18. THANK YOU!
© 2018 Flexera All Rights Reserved
ww w. f l e x e r a . c o m