How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Join Black Duck and our customer experts on best practices for application security in DevOps.
You’ll learn:
- New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments
- Best practices for designing and incorporating an automated approach to application security into your existing development environment
- Future development and application security challenges organizations will face and what they can do to prepare
Open source software drives efficiency and innovation, but affects your application stacks and introduces new challenges to keeping them highly available and performing. Find out about the hottest open source options and how they can help your organization achieve better uptime and performance levels. We also explore the tradeoffs of using open source software, how to evaluate and assess the available types, and the potential effects on your applications and infrastructure.
Winning open source vulnerabilities without losing your developers - Azure De... (WhiteSource)
Tsaela Pinto, Director of Knowledge R&D at WhiteSource, spoke at the Azure DevOps meetup in Tel Aviv about how developers should take part in maintaining open source security.
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps (DevOps.com)
The traditional way of handling security issues in DevOps involves security teams analyzing vulnerabilities and opening issues/tickets, with closing the loop on resolutions being difficult. This model is changing as the cost of fixing later-stage defects rises significantly. The shift is toward DevSecOps where responsibility for application security moves to development teams. Developers are integrating security tools earlier in the software development lifecycle (SDLC) to enable a more secure-by-design approach. Effective DevSecOps requires tools that fit seamlessly into developer workflows and prioritize actual vulnerabilities over non-issues. It also demands integrating security practices into DevOps processes through agile methodologies and automation.
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li... (Paris Open Source Summit)
Strategy, risks tied to adopting open source... How a strong governance model can make your open source journey as effective as possible.
This document provides an overview of application security challenges and trends. It discusses how attacks have moved to target applications directly rather than just infrastructure. It also notes that security is often an afterthought for developers focused on speed and that maturity varies. Key trends include shifting security left in the development process, addressing open source risks, and leveraging tools like machine learning. Stakeholders have different priorities around protecting the organization versus meeting deadlines. Primary use cases involve finding and fixing vulnerabilities throughout the development lifecycle. The Fortify platform aims to provide application security that scales with development needs.
This document provides an overview of application security and the Fortify portfolio. It discusses growing application security challenges such as attacks targeting the application layer. It also reviews key application security trends like shift left development and cloud transformation. The document outlines primary customer use cases and priorities around securing applications. Additionally, it summarizes the Fortify product offerings and how the portfolio addresses application security needs. Examples of Fortify customer success are also provided along with insights into the competitive application security market.
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps (WhiteSource)
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security?
It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case.
Tune in to hear Jeff Martin, Senior Director of Product at WhiteSource and Anders Wallgren, VP of Technology Strategy at Cloudbees, as they discuss:
- Why traditional DevOps has shifted, and what this will mean
- Who should own security in the age of DevOps
- Which tools and strategies are needed to implement continuous security throughout the DevOps pipeline
The document provides an overview of secure DevOps practices including:
- Integrating security into the software development lifecycle from design through deployment.
- Using automation and continuous integration/delivery practices to continuously assess and remediate vulnerabilities.
- Implementing secure configurations for hardware and software and keeping systems updated with the latest patches.
- Performing security testing using tools that can identify vulnerabilities during the development process.
- Controlling administrative privileges and secrets management in an "infrastructure as code" environment.
CI/CD pipeline security from start to finish with WhiteSource & CircleCI (WhiteSource)
This document provides an agenda for a webinar on securing CI/CD pipelines from start to finish with CircleCI and WhiteSource. The agenda includes brief introductions to CircleCI and WhiteSource, an overview of CircleCI Orbs and how they can simplify integrations, a discussion of the state of open source usage and security, and a demo of WhiteSource scanning functionality directly within a CircleCI pipeline using an Orb.
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G... (Black Duck by Synopsys)
It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans.
Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.
You Can’t Live Without Open Source - Results from the Open Source 360 Survey (Black Duck by Synopsys)
Today, open source drives technology and development, and its worldwide adoption ranges from companies with a single employee to large corporations like Microsoft and Apple. All of these organizations rely on open source to innovate, reduce development costs, and speed time to market. Recent research reports point out that open source comprises 80% to 90% of the code in a typical application. Our Open Source 360° survey provides an update on the rapid evolution of open source development, use and management.
The 2017 Open Source 360° survey was conducted through Black Duck’s Center for Open Source Research & Innovation (COSRI), focusing on four important areas of open source – usage, risk, contributions and governance/policies. Our respondents include input from new players, established leaders, and influencers across vertical markets and communities. This range of respondents drives broad industry awareness and discussions of these key issues.
This document summarizes the results of a survey on DevOps challenges and version control. The survey found that the top DevOps challenges companies face are continuous integration/delivery, managing build artifacts, and managing projects, repositories and permissions. Effective version control was seen as key to overcoming these challenges. The survey showed that many teams commit code daily but have issues with integration and delivery speeds. It also found that non-source assets are increasingly stored in version control systems. The document concludes that selecting the right version control system can help solve many common DevOps challenges that companies face.
As presented by Tim Mackey, Senior Technical Evangelist at Black Duck Software, at Open Source Open Standards (GovNet) (http://opensourceconference.co.uk/), this deck covers some of the material which operators of open source data centers and users of container and cloud technologies should be aware of when seeking to be security conscious.
Traditionally, when datacentre operators talk about application security, there has been a tendency to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is that secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment, it’s imperative to focus efforts on what attackers view as vulnerable, particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
- How known vulnerabilities can make their way into production deployments
- How vulnerability impact is maximized
- A methodology for ensuring deployment of vulnerable code can be minimized
- A methodology to minimize the potential for vulnerable code to be redistributed
Secure application deployment in the age of continuous delivery (Tim Mackey)
As presented at Open Source Open Standards (GovNet) (http://opensourceconference.co.uk/), this deck covers some of the material which operators of open source data centers and users of container and cloud technologies should be aware of when seeking to be security conscious.
OSS has taken over the enterprise: The top five OSS trends of 2015 (Rogue Wave Software)
It’s everywhere. From your phone to the enterprise, open source software (OSS) is running far and wide. Gartner predicts that by 2016, 99 percent of Global 2000 enterprises will use open source in mission-critical software. While it’s free, easy to find, and pushes software to the market faster, it’s vital to understand how to use OSS safely.
Join Richard Sherrard, director of product management at Rogue Wave, for a live webinar reviewing the top five OSS trends of 2015. From OSS discovery, to risk, and governance, we’ll take a deep dive into the trends we’ve noticed this year while providing you with some predictions for 2016.
In this webinar you’ll learn how to:
- Discover the OSS in your codebase to ensure that code is free of bugs, security vulnerabilities, and license conflicts
- Implement controls on OSS usage at your organization
- Create a multi-tier approach to OSS risk reduction with open source tools, static code analysis and dynamic analysis
Watch the webinar recording now: https://www.brighttalk.com/webcast/12285/164531
The document discusses open source software. It defines open source software as software whose source code is publicly accessible and available for modification or enhancement by anyone. It then provides several benefits and reasons for using open source software, including improved security, quality, customizability, freedom from vendor lock-in, flexibility, interoperability, auditability, strong support communities, and lower costs compared to proprietary software. The document also discusses India's policy promoting the adoption of open source software by government organizations.
The Growing Research that Open Source Owns the Future in Cloud (All Things Open)
Presented by: Chris Ferris & Deb Bryant
Presented at the All Things Open 2021
Raleigh, NC, USA
Raleigh Convention Center
Abstract: The latest research on open source shows the growing need and value of the skills as well as the advancement of open source in the enterprise stack. Join Deb Bryant, Senior Director, Open Source Project Office at Red Hat and Chris Ferris, CTO, Open Technologies at IBM to cover the latest global research on Open Source. Red Hat and IBM embarked on research in 2020 that offers insights on the state of open source, its practitioners and its future. 65% of developers consider skills and knowledge related to underlying Open Source cloud technologies to be more beneficial to their careers than skills related to any specific cloud. Join us to cover some of the critical questions and discoveries which showed strong support for your skills in key open source technologies. While the widespread use of free and open source software and migration to the cloud are the two most significant shifts characterizing computing in the last two decades, open source technology is still the root of that innovation. In the era of hybrid cloud, open source is maintaining and increasing its influence. Our research suggests that over the long term, recruiting skills in the most fundamental open source tools and libraries will likely provide major benefits to both professionals and their organizations.
Empowering Financial Institutions to Use Open Source With Confidence (WhiteSource)
The days when financial institutions relied solely on proprietary code are over. Today, even the largest financial services firms have realized the benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. However, the financial services industry faces strict regulatory requirements that present it with a unique set of challenges, especially when it comes to open source usage (both consumption and contribution).
FINOS is a non-profit organization whose purpose is to accelerate collaboration and innovation in financial services through the adoption of open source software, standards and best practices. Together with WhiteSource, they are able to provide a safe environment for developers to use open source components freely and fearlessly.
Join FINOS and WhiteSource as they discuss:
- The challenges of open source usage
- The state of open source vulnerabilities management
- How FINOS uses WhiteSource to ensure the security and IP compliance of FINOS-produced open source software
WhiteSource and FINOS: Empowering Financial Institutions to use Open Source W... (DevOps.com)
The days when financial institutions relied solely on proprietary code are over. Today, even the largest financial services firms have realized the benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. However, the financial services industry faces strict regulatory requirements that present it with a unique set of challenges, especially when it comes to open source usage (both consumption and contribution).
FINOS is a non-profit organization whose purpose is to accelerate collaboration and innovation in financial services through the adoption of open source software, standards and best practices. Together with WhiteSource, they are able to provide a safe environment for developers to use open source components freely and fearlessly.
Join FINOS and WhiteSource as they discuss:
- The challenges of open source usage
- The state of open source vulnerabilities management
- How FINOS uses WhiteSource to ensure the security and IP compliance of FINOS-produced open source software
Presented at All Things Open 2022
Presented by Andrew Zigler
Title: Open Source All The Things
Abstract: Open source software is increasingly becoming the number one choice for software developers worldwide because it's considered best in class for its improved security, extensibility and customization, and high-quality tooling. Wouldn’t it be great if your entire software development lifecycle could take place on open source software?
The good news is that it absolutely can! Modern open source tools give your development team everything they need to be productive, from initial planning to production deployment. In this session, you’ll learn how to use 100% open source software to set up a complete development pipeline that includes source code management, CI/CD, service monitoring and notifications, team communications and collaboration, project and task management, and process automation. Attendees will come away with an arsenal of tools they can deploy for their team to become more efficient at the software development process.
Target Audience:
Anyone who works on a software development team and wants to find ways to make their team more productive and facilitate better collaboration. This session is ideal for developers and technical managers who want to use open source tools to reduce context switching and increase the focus time they have to write code.
DevOps for Highly Regulated Environments (DevOps.com)
Financial institutions, medical groups, governmental organizations, automotive companies… these types of entities all have unique and sometimes difficult-to-meet regulations. You may be required to have fine-grained auditability of your SDLC or maintain specific third-party integrations. Security models may be heightened, or certain types of compliance processes maintained. So how are we supposed to “do the DevOps” when we have so many things to worry about? In this webinar, we’ll explore some ways that you can adopt DevOps best practices and even (gasp!) thrive when building your DevOps and DevSecOps pipelines in highly-regulated industries.
- Stefan Streichsbier is the CEO of GuardRails and a professional white-hat hacker who has identified severe shortcomings in security processes and technologies, leading him to create GuardRails.
- The document discusses the evolution of DevOps and increasing complexity, the state of security and how it needs to fit within modern development workflows, and introduces the concept of DevSecOps to address shortcomings and better integrate security.
- Key aspects of DevSecOps discussed include how to create, test, and monitor secure applications and empower development teams to build security in from the start rather than see it as a separate function. Automated security tools and the need to reduce noise and improve usability for developers is also
This talk provides a brief history of how DevOps has enabled tech companies to become unicorns. It then asks whether security in DevOps is important, who is responsible for it, and what teams can do to make security a competitive advantage.
Open Source Security and ChatGPT-Published.pdf (Javier Perez)
1) ChatGPT and other AI tools allow developers to produce code more quickly and efficiently but the validity and security of generated code must still be verified by developers.
2) While AI can introduce vulnerabilities if misused, it can also help find vulnerabilities when used properly under a developer's guidance.
3) Open source security involves continuously monitoring libraries and dependencies for vulnerabilities and applying patches through practices like software bill of materials and regular scans.
Open Source North - State of OSS in Organizations (Javier Perez)
This document discusses the state of open source software usage in organizations based on a survey. Some key findings include:
- Over 76% of organizations increased their use of open source in the last year, with 40.59% increasing significantly.
- The top reasons for using open source are access to innovation, cost reduction due to no licensing fees, and reducing vendor lock-in.
- Common challenges with open source include keeping up with updates and patches, installation upgrades, and ensuring sufficient personnel experience.
- Open source usage varies by industry, with retail having the highest usage at 60% and manufacturing the lowest rate of experts at under 30%.
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps WhiteSource
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security?
It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case.
Tune in to hear Jeff Martin, Senior Director of Product at WhiteSource and Anders Wallgren, VP of Technology Strategy at Cloudbees, as they discuss:
- Why traditional DevOps has shifted, and what this will mean
- Who should own security in the age of DevOps
- Which tools and strategies are needed to implement continuous security throughout the DevOps pipeline
The document provides an overview of secure DevOps practices including:
- Integrating security into the software development lifecycle from design through deployment.
- Using automation and continuous integration/delivery practices to continuously assess and remediate vulnerabilities.
- Implementing secure configurations for hardware and software and keeping systems updated with the latest patches.
- Performing security testing using tools that can identify vulnerabilities during the development process.
- Controlling administrative privileges and secrets management in an "infrastructure as code" environment.
CI/CD pipeline security from start to finish with WhiteSource & CircleCIWhiteSource
This document provides an agenda for a webinar on securing CI/CD pipelines from start to finish with CircleCI and WhiteSource. The agenda includes brief introductions to CircleCI and WhiteSource, an overview of CircleCI Orbs and how they can simplify integrations, a discussion of the state of open source usage and security, and a demo of WhiteSource scanning functionality directly within a CircleCI pipeline using an Orb.
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...Black Duck by Synopsys
It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans.
Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.
You Can’t Live Without Open Source - Results from the Open Source 360 SurveyBlack Duck by Synopsys
Today, open source drives technology and development, and its worldwide adoption ranges from companies with a single employee to large corporations like Microsoft and Apple. All of these organizations rely on open source to innovate, reduce development costs, and speed time to market. Recent research reports point out that open source comprises 80% to 90% of the code in a typical application. Our Open Source 360° survey provides an update on the rapid evolution of open source development, use and management.
The 2017 Open Source 360° survey was conducted through Black Duck’s Center for Open Source Research & Innovation (COSRI), focusing on four important areas of open source – usage, risk, contributions and governance/policies. Our respondents include input from new players, established leaders, and influencers across vertical markets and communities. This range of respondents drives broad industry awareness and discussions of these key issues.
This document summarizes the results of a survey on DevOps challenges and version control. The survey found that the top DevOps challenges companies face are continuous integration/delivery, managing build artifacts, and managing projects, repositories and permissions. Effective version control was seen as key to overcoming these challenges. The survey showed that many teams commit code daily but have issues with integration and delivery speeds. It also found that non-source assets are increasingly stored in version control systems. The document concludes that selecting the right version control system can help solve many common DevOps challenges that companies face.
As presented by Tim Mackey, Senior Technical Evangelist at Black Duck Software, at Open Source Open Standards (GovNet) (http://opensourceconference.co.uk/), this deck covers some of the material which operators of open source data centers and users of container and cloud technologies should be aware of when seeking to be security conscious.
Traditionally, when datacentre operators talk about application security, there has been a tendency to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
- How known vulnerabilities can make their way into production deployments
- How vulnerability impact is maximized
- A methodology for ensuring deployment of vulnerable code can be minimized
- A methodology to minimize the potential for vulnerable code to be redistributed
Secure application deployment in the age of continuous deliveryTim Mackey
As presented at Open Source Open Standards (GovNet) (http://opensourceconference.co.uk/), this deck covers some of the material which operators of open source data centers and users of container and cloud technologies should be aware of when seeking to be security conscious.
Traditionally, when datacentre operators talk about application security, there has been a tendency to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
- How known vulnerabilities can make their way into production deployments
- How vulnerability impact is maximized
- A methodology for ensuring deployment of vulnerable code can be minimized
- A methodology to minimize the potential for vulnerable code to be redistributed
OSS has taken over the enterprise: The top five OSS trends of 2015Rogue Wave Software
It’s everywhere. From your phone to the enterprise, open source software (OSS) is running far and wide. Gartner predicts that by 2016, 99 percent of Global 2000 enterprises will use open source in mission-critical software. While it’s free, easy to find, and pushes software to the market faster, it’s vital to understand how to use OSS safely.
Join Richard Sherrard, director of product management at Rogue Wave, for a live webinar reviewing the top five OSS trends of 2015. From OSS discovery, to risk, and governance, we’ll take a deep dive into the trends we’ve noticed this year while providing you with some predictions for 2016.
In this webinar you’ll learn how to:
-Discover the OSS in your codebase to ensure that code is free of bugs, security vulnerabilities, and license conflicts
-Implement controls on OSS usage at your organization
-Create a multi-tier approach to OSS risk reduction with open source tools, static code analysis and dynamic analysis
Watch the webinar recording now: https://www.brighttalk.com/webcast/12285/164531
The document discusses open source software. It defines open source software as software whose source code is publicly accessible and available for modification or enhancement by anyone. It then provides several benefits and reasons for using open source software, including improved security, quality, customizability, freedom from vendor lock-in, flexibility, interoperability, auditability, strong support communities, and lower costs compared to proprietary software. The document also discusses India's policy promoting the adoption of open source software by government organizations.
The Growing Research that Open Source Owns the Future in CloudAll Things Open
Presented by: Chris Ferris & Deb Bryant
Presented at the All Things Open 2021
Raleigh, NC, USA
Raleigh Convention Center
Abstract: The latest research on open source shows the growing need and value of the skills as well as the advancement of open source in the enterprise stack. Join Deb Bryant, Senior Director, Open Source Project Office at Red Hat and Chris Ferris, CTO, Open Technologies at IBM to cover the latest global research on Open Source. Red Hat and IBM embarked on research in 2020 that has insights on the state of open source, its practitioners and its future. 65% of developers consider skills and knowledge related to underlying Open Source cloud technologies to be more beneficial to their careers than skills related to any specific cloud. Join us to cover some of the critical questions and discoveries which showed strong support for your skills in key open source technologies. While the widespread use of free and open source software and migration to the cloud are the two most significant shifts characterizing computing in the last two decades, open source technology is still the root of that innovation. In the era of hybrid cloud, open source is maintaining and increasing its influence. Our research suggests that over the long term, recruiting skills in the most fundamental open source tools and libraries will likely provide major benefits to both professionals and their organizations.
Empowering Financial Institutions to Use Open Source With ConfidenceWhiteSource
The days when financial institutions relied solely on proprietary code are over. Today, even the largest financial services firms have realized the benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. However, the financial services industry faces strict regulatory requirements that present it with a unique set of challenges, especially when it comes to open source usage (both consumption and contribution).
FINOS is a non-profit organization whose purpose is to accelerate collaboration and innovation in financial services through the adoption of open source software, standards and best practices. Together with WhiteSource, they are able to provide a safe environment for developers to use open source components freely and fearlessly.
Join FINOS and WhiteSource as they discuss:
The challenges of open source usage
The state of open source vulnerabilities management
How FINOS uses WhiteSource to ensure the security and IP compliance of FINOS-produced open source software
WhiteSource and FINOS: Empowering Financial Institutions to use Open Source W...DevOps.com
Presented at All Things Open 2022
Presented by Andrew Zigler
Title: Open Source All The Things
Abstract: Open source software is increasingly becoming the number one choice for software developers worldwide because it's considered best in class for its improved security, extensibility and customization, and high-quality tooling. Wouldn’t it be great if your entire software development lifecycle could take place on open source software?
The good news is that it absolutely can! Modern open source tools give your development team everything they need to be productive, from initial planning to production deployment. In this session, you’ll learn how to use 100% open source software to set up a complete development pipeline that includes source code management, CI/CD, service monitoring and notifications, team communications and collaboration, project and task management, and process automation. Attendees will come away with an arsenal of tools they can deploy for their team to become more efficient at the software development process.
Target Audience:
Anyone who works on a software development team and wants to find ways to make their team more productive and facilitate better collaboration. This session is ideal for developers and technical managers who want to use open source tools to reduce context switching and increase the focus time they have to write code.
DevOps for Highly Regulated EnvironmentsDevOps.com
Financial institutions, medical groups, governmental organizations, automotive companies… these types of entities all have unique and sometimes difficult-to-meet regulations. You may be required to have fine-grained auditability of your SDLC or maintain specific third-party integrations. Security models may be heightened, or certain types of compliance processes maintained. So how are we supposed to “do the DevOps” when we have so many things to worry about? In this webinar, we’ll explore some ways that you can adopt DevOps best practices and even (gasp!) thrive when building your DevOps and DevSecOps pipelines in highly-regulated industries.
- Stefan Streichsbier is the CEO of GuardRails and a professional white-hat hacker who has identified severe shortcomings in security processes and technologies, leading him to create GuardRails.
- The document discusses the evolution of DevOps and increasing complexity, the state of security and how it needs to fit within modern development workflows, and introduces the concept of DevSecOps to address shortcomings and better integrate security.
- Key aspects of DevSecOps discussed include how to create, test, and monitor secure applications and empower development teams to build security in from the start rather than see it as a separate function. Automated security tools and the need to reduce noise and improve usability for developers is also
This talk provides a brief history of how DevOps has enabled tech companies to become unicorns. It also asks whether security in DevOps is important, who is responsible for it, and what teams can do to make security a competitive advantage.
Similar to All Things Open 2022 - State of OSS Security & Support (20)
Open Source Security and ChatGPT-Published.pdfJavier Perez
1) ChatGPT and other AI tools allow developers to produce code more quickly and efficiently but the validity and security of generated code must still be verified by developers.
2) While AI can introduce vulnerabilities if misused, it can also help find vulnerabilities when used properly under a developer's guidance.
3) Open source security involves continuously monitoring libraries and dependencies for vulnerabilities and applying patches through practices like software bill of materials and regular scans.
Open Source North - State of OSS in OrganizationsJavier Perez
This document discusses the state of open source software usage in organizations based on a survey. Some key findings include:
- Over 76% of organizations increased their use of open source in the last year, with 40.59% increasing significantly.
- The top reasons for using open source are access to innovation, cost reduction due to no licensing fees, and reducing vendor lock-in.
- Common challenges with open source include keeping up with updates and patches, installation upgrades, and ensuring sufficient personnel experience.
- Open source usage varies by industry, with retail having the highest usage at 60% and manufacturing the lowest rate of experts at under 30%.
Intro to open source - 101 presentationJavier Perez
This document provides an overview of open-source software and how to get started with it. It discusses the history of open-source software dating back to 1955. It defines key open-source concepts like licenses, roles, and best practices for contributing. It also highlights the large open-source ecosystems existing today and the top companies contributing to open-source. The document aims to address common questions or concerns about open-source software.
The document discusses open source software and IBM Z. It notes that the latest innovations in areas like augmented reality, virtual reality, and artificial intelligence are all based on open source technologies. It highlights some key open source statistics like over 210 million repositories and 500,000 projects. The rest of the document focuses on encouraging open source contribution and consumption, providing examples of open source projects relevant to IBM Z, and use cases that apply machine learning to real world problems using open source tools and libraries.
SacHacks Keynote Open Source Software and IBM ZJavier Perez
The document discusses open source software and how it relates to IBM Z. It notes that the latest innovations in areas like AI, ML and blockchain are all based on open source technologies. There are millions of open source projects, libraries, and over 50 million developers working on open source software. The document encourages both consuming and contributing to open source software and provides examples of how to get involved through activities like documentation, testing, translations and more. It also highlights several specific open source projects relevant to IBM Z.
All You need to Know about Secure Coding with Open Source SoftwareJavier Perez
This document provides an overview of secure coding with open source software. It discusses that open source software is now mainstream, used in many modern innovations. It describes what open source software is, the explosive growth of open source, and popular open source libraries and dependencies. The document outlines roles in open source projects and how to contribute. It discusses security considerations like vulnerabilities in open source libraries and the increased risk with reusing libraries. The document provides examples of popular open source projects like Angular.js and their contributions and vulnerabilities. It emphasizes the real risk is not a lack of fixes but the lack of speed in applying fixes. The importance of software composition analysis and vulnerability management for open source is highlighted.
This document provides an overview of open source software and recommendations for companies adopting open source. It discusses how open source can accelerate projects and attract talent. It profiles companies like Adobe, Netflix, Oracle, Samsung, and Microsoft that contribute to open source despite not being commonly associated with it. The document outlines how to launch an open source project, including using an open source license, README, contribution guidelines, and code of conduct. It also discusses roles in open source projects and various open source business models. The recommendations encourage companies to publish independent components on GitHub, take releases from GitHub, and create developer websites to engage with the open source community.
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfVALiNTRY360
Salesforce Healthcare CRM, implemented by VALiNTRY360, revolutionizes patient management by enhancing patient engagement, streamlining administrative processes, and improving care coordination. Its advanced analytics, robust security, and seamless integration with telehealth services ensure that healthcare providers can deliver personalized, efficient, and secure patient care. By automating routine tasks and providing actionable insights, Salesforce Healthcare CRM enables healthcare providers to focus on delivering high-quality care, leading to better patient outcomes and higher satisfaction. VALiNTRY360's expertise ensures a tailored solution that meets the unique needs of any healthcare practice, from small clinics to large hospital systems.
For more info visit us https://valintry360.com/solutions/health-life-sciences
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...kalichargn70th171
In today's business landscape, digital integration is ubiquitous, demanding swift innovation as a necessity rather than a luxury. In a fiercely competitive market with heightened customer expectations, the timely launch of flawless digital products is crucial for both acquisition and retention—any delay risks ceding market share to competitors.
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
UI5con 2024 - Bring Your Own Design SystemPeter Muessig
How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...The Third Creative Media
"Navigating Invideo: A Comprehensive Guide" is an essential resource for anyone looking to master Invideo, an AI-powered video creation tool. This guide provides step-by-step instructions, helpful tips, and comparisons with other AI video creators. Whether you're a beginner or an experienced video editor, you'll find valuable insights to enhance your video projects and bring your creative ideas to life.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...Paul Brebner
Closing talk for the Performance Engineering track at Community Over Code EU (Bratislava, Slovakia, June 5 2024) https://eu.communityovercode.org/sessions/2024/why-apache-kafka-clusters-are-like-galaxies-and-other-cosmic-kafka-quandaries-explored/ Instaclustr (now part of NetApp) manages 100s of Apache Kafka clusters of many different sizes, for a variety of use cases and customers. For the last 7 years I’ve been focused outwardly on exploring Kafka application development challenges, but recently I decided to look inward and see what I could discover about the performance, scalability and resource characteristics of the Kafka clusters themselves. Using a suite of Performance Engineering techniques, I will reveal some surprising discoveries about cosmic Kafka mysteries in our data centres, related to: cluster sizes and distribution (using Zipf’s Law), horizontal vs. vertical scalability, and predicting Kafka performance using metrics, modelling and regression techniques. These insights are relevant to Kafka developers and operators.
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdfBaha Majid
IBM watsonx Code Assistant for Z, our latest Generative AI-assisted mainframe application modernization solution. Mainframe (IBM Z) application modernization is a topic that every mainframe client is addressing to various degrees today, driven largely from digital transformation. With generative AI comes the opportunity to reimagine the mainframe application modernization experience. Infusing generative AI will enable speed and trust, help de-risk, and lower total costs associated with heavy-lifting application modernization initiatives. This document provides an overview of the IBM watsonx Code Assistant for Z which uses the power of generative AI to make it easier for developers to selectively modernize COBOL business services while maintaining mainframe qualities of service.
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...XfilesPro
Wondering how X-Sign gained popularity in a quick time span? This eSign functionality of XfilesPro DocuPrime has many advancements to offer for Salesforce users. Explore them now!
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
All Things Open 2022 - State of OSS Security & Support
1. Image by Gerd Altmann from Pixabay
Javier Perez
Chief Evangelist & Sr. Director Product Management, OpenLogic by Perforce
The State of Open Source
Software, Security & Support
2. Nice To Meet You!
Chief Evangelist & Sr. Director Product Management
@jperezp_bos
javierperez.mozello.com
www.linkedin.com/in/javierperez
Javier Perez
3. Module counts (Source: Oct 28, 2022 www.modulecounts.com)
• 2.1M+ (1,034 packages per day)
• 504K+ (157 packages per day)
• 355K+ (87 packages per day)
• 410K+ (276 packages per day)
• 328K+ (150 packages per day)
• 173K+ (15 packages per day)
5. Has your organization increased the use of open source software over the last year?
• Yes: 41%
• Yes, significantly: 36%
• Remained the same: 22%
• Reduced the use of open source: 1.6%
YES: 77%
11. Risks of Ignoring End-of-Life
• Unpatched CVEs mean an ongoing and compounding risk of exploit
• Incompatibility with newer software
• Non-compliance (internal policy or industry compliance)
• Becoming more complex to upgrade or migrate in the future, more support required
• Self Support Cost: Development resources away from their jobs, expertise required
12. Open Source Support Challenges
• Keeping up with updates & patches
• Installation upgrades & configuration
• Personnel experience & proficiency
13. Keeping Up With Updates and Patches
• Constant releases and apply security patches
• End-of-life versions
Timeline: V1.0.0 (Vulnerability → Vulnerability Discovered → Vulnerability Fixed) → V1.0.1 (Vulnerability → Vulnerability Discovered → Vulnerability Fixed) → V1.0.2 (Vulnerability)
Example: OpenSSL releasing 3.0.7 today
14. Open Source Security Today: Increased Awareness
• Identify Inventory: Software Bill of Materials (SBOM)
• Security Scans: Vulnerability Detection
• Apply Fixes: Patches
15. Dependencies and Vulnerabilities
• Open source libraries reusability
• Depending on the programming language, libraries can have up to thousands of dependencies
• A real risk for all software when there are vulnerabilities in dependencies
* Sources: graphcommons.com
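The three steps on slide 14 (inventory via SBOM, vulnerability scan, apply fixes) and the transitive dependency risk on slide 15, worked through in Python as an added example that is not part of this deck or of any vendor's tooling. The SBOM, the advisory feed (ids EXAMPLE-2022-000x), the package names and the end-of-life table are all constructed sample data; a real run would read a CycloneDX or SPDX document and a real advisory feed in their place.

```python
"""Added example, not part of the slide deck: the three steps on slide 14
(inventory via SBOM, vulnerability scan, apply fixes) run over constructed data.
Every package name, version, advisory id and EOL entry below is made up."""

# Constructed SBOM: a CycloneDX-style list of components with dependency edges.
SBOM = {
    "components": [
        {"name": "libexample", "version": "1.0.0", "dependsOn": ["tinyparse"]},
        {"name": "tinyparse", "version": "2.3.1", "dependsOn": []},
        {"name": "oldfw", "version": "4.9.2", "dependsOn": ["tinyparse"]},
    ]
}

# Constructed advisory feed. "introduced" <= affected version < "fixed",
# chained like the V1.0.0 -> V1.0.1 -> V1.0.2 timeline on slide 13.
ADVISORIES = [
    {"id": "EXAMPLE-2022-0001", "package": "libexample", "introduced": "1.0.0", "fixed": "1.0.1"},
    {"id": "EXAMPLE-2022-0002", "package": "libexample", "introduced": "1.0.1", "fixed": "1.0.2"},
    {"id": "EXAMPLE-2022-0003", "package": "tinyparse", "introduced": "2.0.0", "fixed": "2.4.0"},
]

# Constructed end-of-life table (slide 11): no upstream fix will ever ship for these lines.
EOL = {"oldfw": "4.x"}


def parse_version(text):
    """'1.0.2' -> (1, 0, 2); tuples compare numerically, strings would not ('1.10' < '1.9')."""
    return tuple(int(part) for part in text.split("."))


def is_affected(version, advisory):
    """True when version lies in [introduced, fixed)."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def inventory(sbom):
    """Step 1, identify inventory: flatten the SBOM into {name: version}."""
    return {c["name"]: c["version"] for c in sbom["components"]}


def scan(sbom, advisories):
    """Step 2, security scan: {package: [advisory ids]} for every affected component."""
    inv = inventory(sbom)
    hits = {}
    for adv in advisories:
        version = inv.get(adv["package"])
        if version is not None and is_affected(version, adv):
            hits.setdefault(adv["package"], []).append(adv["id"])
    return hits


def minimal_safe_version(package, current, advisories):
    """Step 3, apply fixes: the lowest version no advisory covers. Jumping only to
    the first 'fixed' version is not enough when that fix itself sits inside the
    next advisory's range, so keep walking the timeline until nothing matches."""
    candidate = current
    while True:
        hit = next((a for a in advisories
                    if a["package"] == package and is_affected(candidate, a)), None)
        if hit is None:
            return candidate
        candidate = hit["fixed"]  # each step strictly increases, so this terminates


def dependents(sbom, target):
    """Slide 15: every component that reaches `target` through its dependency chain,
    i.e. everything a vulnerability in `target` exposes."""
    reverse = {}
    for c in sbom["components"]:
        for dep in c["dependsOn"]:
            reverse.setdefault(dep, []).append(c["name"])
    found, queue = set(), [target]
    while queue:
        for parent in reverse.get(queue.pop(), []):
            if parent not in found:
                found.add(parent)
                queue.append(parent)
    return sorted(found)


def patch_plan(sbom, advisories, eol):
    """Combine the three steps into one report: what to upgrade, to which version,
    what it exposes, and which components are end-of-life and need migration."""
    inv = inventory(sbom)
    plan = {}
    for name, ids in scan(sbom, advisories).items():
        plan[name] = {
            "current": inv[name],
            "advisories": ids,
            "upgrade_to": minimal_safe_version(name, inv[name], advisories),
            "exposes": dependents(sbom, name),
        }
    for name, version in inv.items():
        if name in eol:
            plan.setdefault(name, {"current": version})["eol"] = eol[name]
    return plan


if __name__ == "__main__":
    for name, entry in patch_plan(SBOM, ADVISORIES, EOL).items():
        print(name, entry)
```

The point of `minimal_safe_version` is the slide-13 timeline: upgrading `libexample` from 1.0.0 to the first fixed release, 1.0.1, lands inside the next advisory's range, so the scan has to be repeated after every upgrade until no advisory matches (here 1.0.2). The `eol` entry for `oldfw` records the slide-11 case where no patch will ever arrive and the only fix is a migration.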
16. Open Source Software Security Mobilization Plan
• Education
• Risk Assessment: Top 10K OSS
• Digital Signatures
• Move to Memory Safe Languages
• Incident Response Team
• Coordinated Public Disclosure
• Code Reviews: Top 200 OSS
• Industry Data Sharing
• SBOM Everywhere
• Enhance Package Management
17. ISO/IEC 5230 OpenChain Standard (License Risk)
• Organization-level license compliance for every OSS artifact
• Documented process
• SBOM verification
• Open source community engagement
18. Open Source and US Government
• White House Executive Order on Improving Cybersecurity: working groups
• H.R. 7667 Medical Device Security Bill: vulnerability detection and SBOMs directive
• The Federal Trade Commission (FTC) advised companies to patch Log4J: legal action
19. Open Source and US Government
• Cybersecurity and Infrastructure Security Agency (CISA): binding directive making vulnerability disclosure mandatory
• National Security Strategy: aligning with orgs & OSS
• US Senate Securing Open Source Software Act: best practices assessment framework, OSPO, and hire OSS experts
20. Open Source Maturity in Organizations (chart: desired position/efforts over time)
• Consumers: adopting (cost, time, or modernize); deploying and complying with licenses
• Participants: limited contributions to open source; increased use & adoption, business-critical
• Contributor: contributions to open source projects; investment in open source technologies
• Leader: launching new open projects & initiatives; establishing an Open Source Program Office
21. Maturity in Organizations by the Numbers
• Retail has the highest OSS usage at 60%
• Manufacturing with the lowest rate of experts: 30%
• Banking, Insurance, Financial Services with the most innersource: 19%
• Healthcare and Pharma with the highest rate of OSPOs: 21%
* Source: 2022 State of Open Source Report
22. Open Source Jobs Report (Source: The Linux Foundation OSS Jobs Report)
• 93% of employers have difficulty finding talent with OSS skills
• 77% of orgs are growing their use of cloud-native technologies
• 81% of open source professionals plan to add certifications
• Most in-demand skills: Cloud/Container Technology, Linux, DevOps/GitOps, Cybersecurity, AI/ML, Web Technologies
23. Key Takeaways
• Open source release life cycles, EOL and LTS are constantly changing
• Lessons from CentOS and AngularJS EOL
• OSS communities work on security; the key is to keep up with updates and patches
• There’s more open source security awareness and government participation
24. Has your organization increased the use of open source software over the last year?
• Yes: 41%
• Yes, significantly: 36%
YES: 77%
25. Has your organization increased the use of open source software over the last year? (Latest Results)
• Yes: 50%
• Yes, significantly: 35%
YES: 85%