Silicon Canals
This article is produced in collaboration with our partner Snyk.

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.

Improve your open source security with three important steps

By Guest Contributor
August 5, 2022
in Guest Contributions, guestblog, Knowledge & Insights

Current estimates say that 70 – 90% of software uses open source. But how secure is open source? Open source packages are shared by developers globally, so using open source in your own applications means introducing third-party code into your projects. This can introduce security risks, and the more widely used any open source package is, the bigger the impact a security vulnerability inside it can have.

A new research project by Snyk and the Linux Foundation focused on how organisations are securing their open source packages. The project looked at how developers detect and address risk. A thorough analysis of the data collected revealed some major missteps that organisations are taking when it comes to open source security. Here are three steps that organisations can take to fix those missteps and get on the path to stronger security practices around open source.


1. Understand that dependencies bring complexity

The average project has 49 vulnerabilities spanning 79 direct dependencies.

Open source security becomes a bigger challenge as the software supply chain becomes more complex. Nearly all modern applications are built with components that depend on other components, creating a supply chain that involves hundreds of components and multi-tiered dependencies. 

The software supply chain is an attractive entry point for malicious actors because they can take advantage of vulnerabilities in small libraries that are widely used. Remember Log4Shell? It allowed attacker-controlled data that reached the logger to trigger remote code execution (RCE). It was a critical weakness inside a popular open source logging framework: a vulnerability inside a dependency.

Only 24% of organisations are confident in the security of their direct dependencies. And while 37% of organisations report that dependencies are easy to track, these dependencies are not necessarily in a secure state.
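To make the direct-versus-transitive distinction concrete, here is a small dependency walk, added as an illustration; it is not code from Snyk, the Linux Foundation or the research project. The package names, versions and the two advisories are constructed. The script resolves the transitive closure of a manifest, matches every resolved package against an advisory list and reports the path through which each vulnerable package is pulled in, which is what a team needs in order to see that a flaw in a library it never chose is still reachable from its own application.

```python
"""Toy software-composition analysis (SCA) over a dependency graph.

Added illustration: walks an application's dependency manifest, resolves
the transitive closure, matches each package against an advisory list and
reports how each vulnerable package is reached. Every package name,
version and advisory below is constructed; none refers to a real project
or a real CVE.
"""
from collections import deque

# Constructed manifest: "name@version" -> list of its direct dependencies.
MANIFEST = {
    "shop-app@1.0.0": ["web-framework@2.1.0", "json-utils@1.3.0"],
    "web-framework@2.1.0": ["logging-lib@2.14.1", "http-core@3.0.0"],
    "http-core@3.0.0": ["logging-lib@2.14.1"],
    "json-utils@1.3.0": [],
    "logging-lib@2.14.1": [],
}

# Constructed advisories: a package is affected when
# introduced <= version < fixed.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "package": "logging-lib", "severity": "critical",
     "introduced": "2.0.0", "fixed": "2.17.0"},
    {"id": "ADV-EXAMPLE-2", "package": "json-utils", "severity": "medium",
     "introduced": "1.0.0", "fixed": "1.4.0"},
]


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); tuples compare component-wise."""
    return tuple(int(part) for part in text.split("."))


def split_coordinate(coord):
    """'logging-lib@2.14.1' -> ('logging-lib', '2.14.1')."""
    name, version = coord.rsplit("@", 1)
    return name, version


def is_affected(name, version, advisory):
    """True when the advisory names this package and the version is in range."""
    v = parse_version(version)
    return (name == advisory["package"]
            and parse_version(advisory["introduced"]) <= v
            < parse_version(advisory["fixed"]))


def resolve(root, manifest):
    """Breadth-first walk from the root. Returns {coordinate: shortest path}."""
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        for dep in manifest.get(current, []):
            if dep not in paths:          # first visit gives the shortest path
                paths[dep] = paths[current] + [dep]
                queue.append(dep)
    return paths


def scan(root, manifest, advisories):
    """Return one finding per (package, advisory) match, with its dependency path."""
    findings = []
    for coord, path in resolve(root, manifest).items():
        if coord == root:
            continue
        name, version = split_coordinate(coord)
        for adv in advisories:
            if is_affected(name, version, adv):
                findings.append({
                    "advisory": adv["id"],
                    "severity": adv["severity"],
                    "package": coord,
                    "direct": len(path) == 2,        # path is root -> package
                    "path": " -> ".join(path),
                    "fix": f"upgrade {name} to >= {adv['fixed']}",
                })
    return findings


def summarize(root, manifest):
    """Direct and transitive dependency counts for the root package."""
    resolved = resolve(root, manifest)
    direct = len(manifest.get(root, []))
    return {"direct": direct, "transitive": len(resolved) - 1 - direct}


if __name__ == "__main__":
    print(summarize("shop-app@1.0.0", MANIFEST))
    for f in scan("shop-app@1.0.0", MANIFEST, ADVISORIES):
        kind = "direct" if f["direct"] else "transitive"
        print(f"[{f['severity']}] {f['advisory']} in {f['package']} ({kind})")
        print(f"    via {f['path']}")
        print(f"    fix: {f['fix']}")
```

The point of recording the path is that the fix for a transitive finding is rarely "upgrade the vulnerable package" directly: the application only controls its direct dependencies, so the team has to upgrade or override through `web-framework` (or pin `logging-lib` with an override mechanism in its package manager) and then re-run the scan to confirm the vulnerable version is gone from the resolved graph.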

2. Lay the groundwork with security policies

Only 49% of organisations have a security policy that explicitly addresses the development and use of open source packages. 

This is understandable in smaller organisations, where resources are limited. Research also showed that 27% of medium-to-large companies don’t have an established security policy in place. When you consider how much data each of these companies might be processing, 27% is an alarming statistic.

Every organisation needs a CISO (chief information security officer) or a person or team tasked with key security responsibilities. When key CISO capabilities are present and available, an open source security policy will follow. Actionable policies must be put in place and socialised across teams — starting with CISOs and developers, and moving throughout the organisation.

3. Use the right tools 

73% of organisations are searching for best practices to improve their software security. 

Organisations need to invest in a diverse set of tools to help them build more secure applications. In many cases, SCA (software composition analysis) tools can provide a strong advantage by enabling teams to find vulnerabilities in open source packages and learn how to fix them. Some organisations use other tools depending on their preferences regarding security testing. 

SAST (static application security testing) tools, in use at 35% of organisations, scan source code, bytecode, and binary code in order to identify problematic coding patterns. Some organisations add IaC (infrastructure as code) security scanning, which checks HashiCorp Terraform, AWS CloudFormation, Kubernetes, and Azure Resource Manager (ARM) configurations for insecure settings before they reach production. Scanning IaC fits security best practices directly into development workflows.

Each of these tooling options can help organisations take a big step toward prioritising open source security.  
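To show what an IaC check actually does at the configuration level, here is a small rule set run over a Kubernetes Pod definition, added as an illustration and not code from Snyk or any IaC scanner. Both manifests are constructed (the image registry `example.invalid` is a placeholder), given in the JSON form that Kubernetes also accepts so no YAML library is needed. The weak manifest sits beside its hardened form, and each finding names the setting and the fix, which is the shape of feedback a developer gets before the configuration is applied.

```python
"""Toy infrastructure-as-code (IaC) check for Kubernetes Pod specs.

Added illustration: each rule inspects one setting that weakens container
isolation and reports the fix. The manifests are constructed; the image
registry "example.invalid" is a placeholder, not a real one.
"""

# Constructed manifest with several weak settings (JSON form of a Pod).
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "api"},
    "spec": {
        "hostNetwork": True,                       # shares the node's network
        "containers": [{
            "name": "api",
            "image": "example.invalid/api:latest",  # unpinned image
            "securityContext": {"privileged": True},
            # no allowPrivilegeEscalation, runAsNonRoot or resource limits
        }],
    },
}

# Same workload with the settings corrected.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "api"},
    "spec": {
        "hostNetwork": False,
        "containers": [{
            "name": "api",
            "image": "example.invalid/api:1.4.2",
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "runAsNonRoot": True,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    },
}


def _sc(container):
    """The container's securityContext, or {} when absent."""
    return container.get("securityContext") or {}


def _unpinned(image):
    """True for ':latest' or for an image with no tag or digest at all."""
    last = image.rsplit("/", 1)[-1]
    return image.endswith(":latest") or ":" not in last


# (rule id, scope, predicate that is True when the setting is weak, fix)
RULES = [
    ("K8S-HOST-NETWORK", "pod",
     lambda spec: spec.get("hostNetwork") is True,
     "set spec.hostNetwork to false"),
    ("K8S-PRIVILEGED", "container",
     lambda c: _sc(c).get("privileged") is True,
     "set securityContext.privileged to false"),
    ("K8S-PRIV-ESCALATION", "container",
     lambda c: _sc(c).get("allowPrivilegeEscalation") is not False,
     "set securityContext.allowPrivilegeEscalation to false"),
    ("K8S-RUN-AS-ROOT", "container",
     lambda c: _sc(c).get("runAsNonRoot") is not True,
     "set securityContext.runAsNonRoot to true"),
    ("K8S-UNPINNED-IMAGE", "container",
     lambda c: _unpinned(c.get("image", "")),
     "pin the image to an explicit version tag or digest"),
    ("K8S-NO-LIMITS", "container",
     lambda c: not (c.get("resources") or {}).get("limits"),
     "set resources.limits for cpu and memory"),
]


def check_pod(pod):
    """Run every rule; return a list of {rule, location, fix} findings."""
    spec = pod.get("spec") or {}
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    findings = []
    for rule_id, scope, is_weak, fix in RULES:
        if scope == "pod":
            if is_weak(spec):
                findings.append({"rule": rule_id, "location": "spec", "fix": fix})
        else:
            for c in containers:
                if is_weak(c):
                    loc = f"containers[{c.get('name', '?')}]"
                    findings.append({"rule": rule_id, "location": loc, "fix": fix})
    return findings


if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(f"{label}: {len(check_pod(pod))} finding(s)")
        for f in check_pod(pod):
            print(f"  {f['rule']} at {f['location']}: {f['fix']}")
```

Two of the rules fire on an absent key rather than a wrong value (`allowPrivilegeEscalation` and `runAsNonRoot`), because the Kubernetes defaults for those fields are the permissive ones; a check that only looks for explicitly bad values would pass the weak manifest on both.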

The combined power of education, policy, and tools

Using open source packages safely requires a new way of thinking about developer security that many organisations have not yet adopted. Knowing what risks exist in open source packages, and understanding how to build protection against those risks, can empower your organisation to use open source technology efficiently and safely. Finding the most effective tools and policies for open source security is a great place to start.

