Open Source Application Security
Open Source Application Security: Know Your Code
Open source is the foundation for most modern applications. However, nearly half of all companies we surveyed indicate that they have no formal processes in place for tracking and managing their use of open source. As a result, many teams discover that their applications contain far more open source than they expected. Left untracked, that open source can expose applications and data to known open source security vulnerabilities such as Heartbleed and Shellshock.
Open Source Enters Your Code From Every Angle
Because open source is used everywhere, it enters your code from everywhere, and sometimes application security vulnerabilities come with it. To protect your applications from those vulnerabilities, you need accurate answers to three questions:
- What open source components are in your code?
- Are they affected by known security vulnerabilities?
- Are they up-to-date and do they comply with policy?
Manage Open Source Security Vulnerabilities
The Black Duck Hub helps security and development teams identify and mitigate open source security risks across application portfolios. Hub's lightweight scanning, tracking, and monitoring solution:
- Identifies open source throughout your code base
- Automatically maps open source in use to known open source security vulnerabilities
- Flags policy violations and tracks remediation progress
- Continuously monitors for newly identified open source vulnerabilities
Application Security Services On-Demand
Black Duck's Open Source Security Assessment provides an actionable, comprehensive list of the security, legal, and operational risks associated with the components currently in use within your company's code base(s). As part of our open source security services, Black Duck performs an open source and third-party code audit from which a bill of materials (BOM) is created. The BOM is then compared against multiple open source vulnerability databases, producing an actionable report that weighs risk type and severity and recommends priorities to guide your remediation efforts.
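The BOM-to-vulnerability-database comparison described above, reduced to its core, as an added example that is not Black Duck's code or output. It assumes a simplified BOM of (component, version) pairs and a constructed vulnerability list whose ids, version ranges and severity scores are placeholders rather than real advisories; the point is the matching logic, in particular version comparison done per numeric segment rather than as strings, and the ranking of findings by severity for remediation.

```python
import re
from typing import Any, Dict, List, Tuple

# Constructed bill of materials (BOM): (component, version) pairs as an audit
# might list them. Sample data only, not real scan output.
BOM: List[Tuple[str, str]] = [
    ("openssl", "1.0.1f"),
    ("bash", "4.3"),
    ("zlib", "1.2.11"),
    ("libxml2", "2.9.4"),
]

# Constructed vulnerability records. A real tool pulls these from vulnerability
# databases; the ids, ranges and scores here are placeholders, not advisories.
# A record applies when introduced <= version < fixed.
VULNS: List[Dict[str, Any]] = [
    {"id": "VULN-PLACEHOLDER-001", "component": "openssl",
     "introduced": "1.0.1", "fixed": "1.0.1g", "severity": 7.5},
    {"id": "VULN-PLACEHOLDER-002", "component": "bash",
     "introduced": "1.14", "fixed": "4.3.25", "severity": 9.8},
    {"id": "VULN-PLACEHOLDER-003", "component": "zlib",
     "introduced": "1.2.0", "fixed": "1.2.9", "severity": 5.3},
    {"id": "VULN-PLACEHOLDER-004", "component": "libxml2",
     "introduced": "2.9.0", "fixed": "2.9.5", "severity": 6.5},
]

_SEGMENT = re.compile(r"^(\d+)([A-Za-z]*)$")


def parse_version(version: str) -> Tuple[Tuple[int, str], ...]:
    """Turn '1.0.1f' into ((1, ''), (0, ''), (1, 'f')).

    Each segment compares numerically, with an optional letter suffix (as
    OpenSSL 1.0.x releases used) breaking ties. A shorter version is treated
    as older than a longer one with the same prefix, e.g. 4.3 < 4.3.25.
    """
    parts = []
    for segment in version.split("."):
        match = _SEGMENT.match(segment)
        if not match:
            raise ValueError(f"unsupported version segment {segment!r} in {version!r}")
        parts.append((int(match.group(1)), match.group(2)))
    return tuple(parts)


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed under segment-wise comparison."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def match_bom(bom: List[Tuple[str, str]], vulns: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Join every BOM entry against every record for the same component."""
    findings = []
    for component, version in bom:
        for record in vulns:
            if record["component"] != component:
                continue
            if is_affected(version, record["introduced"], record["fixed"]):
                findings.append({
                    "component": component,
                    "version": version,
                    "id": record["id"],
                    "severity": record["severity"],
                    "fixed": record["fixed"],
                })
    return findings


def prioritize(findings: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Highest severity first; component name breaks ties for a stable report."""
    return sorted(findings, key=lambda f: (-f["severity"], f["component"]))


def remediation_report(bom: List[Tuple[str, str]] = BOM,
                       vulns: List[Dict[str, Any]] = VULNS) -> List[str]:
    """One line per finding, ordered so the top of the list is fixed first."""
    lines = []
    for f in prioritize(match_bom(bom, vulns)):
        lines.append(f'{f["severity"]:>4}  {f["component"]} {f["version"]}  '
                     f'{f["id"]}  upgrade to >= {f["fixed"]}')
    return lines


if __name__ == "__main__":
    for line in remediation_report():
        print(line)
```

With the constructed data, zlib 1.2.11 is correctly reported as not affected by a range that ends at 1.2.9; a naive string comparison would place "1.2.11" before "1.2.9" and produce a false positive, which is the kind of noise that erodes trust in an SCA report. The version grammar here is deliberately small; real ecosystems (semver pre-release tags, Debian epochs, Maven qualifiers) each need their own comparison rules.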