Using Open Source Libraries to Speed Development Whilst Minimising Risk

The state of open source security in DevOps


Better, faster, cheaper… these are the promises of DevOps. The future of software development and operations is all about speeding up development and deployment, aided and abetted by cloud-based infrastructure, RESTful APIs and indeed, open source software.

But then comes security, which requires a level of assurance. With the bad guys increasingly turning to automated efforts to hack into your systems, it’s not enough to hope that they will overlook your application or dataset (even if GDPR didn’t say you had to do something about it, which it does).

There’s a general assumption around open source, which goes something like this: if anyone can see the code, then the chances are somebody has spotted any vulnerabilities, and indeed, fixed them. This is true, to an extent: the forums are full of recently discovered exploits and indeed, patches.

But what if your software is still reliant on an older version? How do you know which packages are involved, and their licensing terms? The result is a blind spot/bottleneck combo, where organisations either don’t know if they are at risk, or they are slowing down their DevOps cycles trying to find out.

In this webinar, we address this dilemma head on. We’ll be speaking to experts from application security specialist CA Veracode, as well as industry analyst firm Freeform Dynamics, about the state of open source security in DevOps.

We review at the scale of the issue, both in terms of threat levels and potential consequences, and we consider the tools and technologies, processes and practices to assure better, faster, cheaper and secure software comes out of the DevOps cycle.

We’ll look at examples of where things have gone wrong, and how they can be made right. So if you are dependent on open source for your DevOps-based delivery and you want to head off the risks before they become threats, tune in.

You will have to register, or log in, in order to view this webinar.



Biting the hand that feeds IT © 1998–2020