Open Source Application Security
Open Source Application Security: Know Your Code
Open source is the foundation for most modern applications. However, nearly half of all companies we surveyed indicate that they have no formal processes in place for tracking and managing their use of open source. As a result, many teams discover that their applications contain a lot more open source than they think.
Black Duck audits of over 1000 commercial applications reveal the surprising degree to which this open source management gap exists. Left untracked, open source can leave applications and data at risk to known open source security vulnerabilities like Heartbleed and Shellshock.
Open Source Enters Your Code From Every Angle
Because open source is used everywhere it enters your code from everywhere, and sometimes security vulnerabilities come with it. To ensure security from potential open source vulnerabilities, you need an accurate understanding of:
- What open source components are in your code?
- Are they affected by known open source security vulnerabilities?
- Are they up-to-date and do they comply with policy?
Manage Open Source Vulnerabilities
Black Duck Hub helps security and development teams identify and mitigate open source security risks across application portfolios. Hub’s lightweight scanning, tracking, and monitoring application security solution:
- Identifies open source throughout your code base
- Automatically maps open source in use to known open source vulnerabilities
- Flags policy violations and tracks remediation progress
- Continuously monitors for newly identified open source vulnerabilities
Application Security Services On-Demand
A Black Duck Open Source Security Audit provides an actionable, comprehensive list of security, legal, and operational risks associated with open source components currently in use within your company's code base(s). As part of our open source security services, Black Duck performs an open source and third-party code audit from which a bill of materials (BOM) is created. The BOM is then compared to multiple open source vulnerability databases, producing an actionable report that takes into account the types of risk and severity, recommending priorities to guide your remediation efforts.
Contact us today to learn more about Black Duck open source software security solutions.