When it comes to open source and security, one of the most popular words that pops into the head of security aficionados and professionals is “dread.” Certainly that perception is driven by open source’s reputation – it is seen as fast, easy, low cost and, well, risky. With unknown hands touching the code – and a surprisingly low number of developers maintaining common components – it’s challenging for CSOs and security professionals to have much trust. This is especially true when you take into consideration the number of highly-publicized reports of malicious code hiding in open source code.
But there are ways for security and open source to be friends. In this podcast, Forrester Principal Analyst Amy DeMartine suggests that teaming up with developers, establishing an executive sponsor and getting more involved with open source projects are just a few of the ways we’ll improve open source and our relationship with it in 2018.