
The 4 Levels of Open Source Risk Management

Where does your organization stand with open source risk management? How are you identifying and securing open source used in your code? Measure your organization against these four levels to find out.

LEVEL 1 – IGNORING RISK
Code Red. You’re unaware of open source used in your code. No policies in place to manage open source security and licensing risks.

LEVEL 2 – MANUAL DISCOVERY OF OPEN SOURCE
Significant Trouble. Inaccurate open source inventories. Processes to manage open source are inconsistent. No controls over open source use.

LEVEL 3 – TRACKING OPEN SOURCE BY SPREADSHEET
Making Progress (Issues Remain). Developers complain that manual tracking is impacting their productivity. Accuracy is difficult to maintain. Provides limited insight into security vulnerabilities.

LEVEL 4 – AUTOMATED OS RISK MANAGEMENT
Way Cool. Open source is automatically identified, inventoried, and mapped to known vulnerabilities and license requirements without impacting your SDLC.

DO YOU KNOW WHAT LICENSE OR SECURITY ISSUES MIGHT ARISE FROM YOUR USE OF OPEN SOURCE?
BLACK DUCK CAN HELP YOU:
• Automatically identify and inventory open source software used to build applications and Docker containers.
• Map open source components to known vulnerabilities and license requirements with Black Duck’s comprehensive KnowledgeBase™ of more than 1.5 million open source projects and 75,000 vulnerabilities.
• Streamline and secure continuous integration/deployment activities through integration with the most popular DevOps and security tools, including IBM AppScan, HP Fortify, Docker, Red Hat Atomic, Jenkins, and Atlassian.
• Help your teams set policies to govern open source security, license, and code quality risks, enforce policies through build-tool integrations, and manage remediation efforts through IT workflow support.
• Continuously monitor for and provide alerts for new open source vulnerabilities.

For more information, visit www.blackducksoftware.com
Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, open source license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com