Open source is becoming more popular in the enterprise. But so are open-source vulnerabilities. Here is how you can prevent open source-related mishaps in 2016.
It's no secret that open source is becoming more popular in the enterprise. Organizations from service companies to manufacturers to banks are tapping open source to take advantage of factors such as lower development costs, faster time to market and simplified application deployment through containers. Mission-critical performance is no longer a major hurdle. But there's another issue with open source that is sticking in enterprises' craw, and it will continue to stick throughout 2016 and beyond. That issue is security.

More than 6,000 new open-source vulnerabilities have been reported since 2014. Given that, according to various surveys, 98 percent of companies are using open-source software they don't even know about, it stands to reason that enterprises don't have a good handle on how to defend against this growing threat. Most organizations lack automated processes for the selection and approval of new open source as it enters a code stream, as well as for inventorying and tracking the use of open-source software within their code base and Linux containers. Identifying and monitoring for known open-source vulnerabilities (like Heartbleed and ShellShock) is another issue many organizations now face as their use of open source grows.

Based on interviews with eWEEK, Black Duck, a provider of software that identifies open-source components and maps known open-source security vulnerabilities, offers some advice about issues enterprises should consider to prevent open source-related mishaps in 2016.
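To make the inventory-and-monitoring gap described above concrete, here is an added example (not eWEEK's or Black Duck's code) of the simplest form of that automation: a script that reads a component inventory and checks each entry against a list of known-vulnerable version ranges. The manifest, the advisory list, the version ranges and the EXAMPLE-nnnn identifiers are all constructed sample data, not real advisories, and the version-ordering rule is a deliberate simplification.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample manifest ("name==version", one component per line).
SAMPLE_MANIFEST = """\
# constructed inventory of components found in a build
openssl==1.0.1f
bash==4.2
libxml2==2.9.4
zlib==1.2.8
"""


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # placeholder id, not a real advisory number
    component: str
    introduced: str    # first affected version (inclusive)
    fixed: str         # first fixed version (exclusive)
    summary: str


# Constructed advisory list; the ranges are illustrative, not real advisory data.
SAMPLE_ADVISORIES: List[Advisory] = [
    Advisory("EXAMPLE-0001", "openssl", "1.0.1", "1.0.1g", "constructed entry"),
    Advisory("EXAMPLE-0002", "bash", "1.14", "4.3.25", "constructed entry"),
    Advisory("EXAMPLE-0003", "libxml2", "2.9.0", "2.9.3", "constructed entry"),
]


@dataclass(frozen=True)
class Finding:
    component: str
    version: str
    advisory_id: str
    fixed: str


_TOKEN = re.compile(r"\d+|[A-Za-z]+")


def parse_version(version: str) -> Tuple[Tuple[int, object], ...]:
    """Split a version like '1.0.1f' into comparable tokens.

    Numeric tokens sort before alphabetic ones at the same position, and a
    version that is a prefix of another sorts first, so
    '1.0.1' < '1.0.1f' < '1.0.1g'. Real ecosystems each have their own
    ordering rules; this is a simplification for the example.
    """
    return tuple(
        (0, int(tok)) if tok.isdigit() else (1, tok.lower())
        for tok in _TOKEN.findall(version)
    )


def parse_manifest(text: str) -> Dict[str, str]:
    """Turn 'name==version' lines into an inventory; blank and '#' lines are skipped."""
    inventory: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, version = line.partition("==")
        if not sep or not version:
            raise ValueError(f"unparseable manifest line: {raw!r}")
        inventory[name.strip().lower()] = version.strip()
    return inventory


def is_affected(version: str, advisory: Advisory) -> bool:
    """True when introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(advisory.introduced) <= v < parse_version(advisory.fixed)


def scan(manifest_text: str, advisories: List[Advisory]) -> List[Finding]:
    """Match every inventoried component against the advisory list."""
    inventory = parse_manifest(manifest_text)
    findings: List[Finding] = []
    for adv in advisories:
        version = inventory.get(adv.component.lower())
        if version is not None and is_affected(version, adv):
            findings.append(Finding(adv.component, version, adv.advisory_id, adv.fixed))
    return findings


def format_report(findings: List[Finding]) -> str:
    """One line per match, naming the version that closes the advisory."""
    if not findings:
        return "no known-vulnerable components found"
    return "\n".join(
        f"{f.component} {f.version}: matches {f.advisory_id}, upgrade to >= {f.fixed}"
        for f in findings
    )


if __name__ == "__main__":
    print(format_report(scan(SAMPLE_MANIFEST, SAMPLE_ADVISORIES)))
```

Run as-is, the script flags openssl and bash and leaves libxml2 (already past the constructed fixed version) and zlib (no advisory) alone. The part that does the real work in practice is producing an accurate manifest, including components that arrived transitively or inside container images; the matching step is only as good as the inventory it is given.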
Completely agree... To avoid such mistakes, open-source code review tools are the best option. Thanks for sharing valuable information.