When it comes to open source and security, one of the most popular words that pops into the head of security aficionados and professionals is “dread.” Certainly that perception is driven by open source’s reputation – it is seen as fast, easy, low cost and, well, risky. With unknown hands touching the code – and a surprisingly low number of developers maintaining common components – it’s challenging for CSOs and security professionals to have much trust. This is especially true when you take into consideration the number of highly-publicized reports of malicious code hiding in open source code.
But there are ways for security and open source to be friends. In this podcast, Forrester Principal Analyst Amy DeMartine suggests that teaming up with developers, establishing an executive sponsor and getting more involved with open source projects are just a few of the ways we’ll improve open source and our relationship with it in 2018.
- Best Practices for the Adoption of Open Source Software
- How Software Composition Analysis Reduces Risk from Open Source Components
- What Developers Need to Know About the State of Software Security Today
- How Static Analysis Has Changed in a DevOps World
- The Forrester Wave™: Static Application Security Testing, Q4 2017