WhiteSource, profile picture
Uploaded byWhiteSource
PDF, PPTX112 views

Open Source Security at Scale- The DevOps Challenge 

The document discusses the importance of managing open source security in DevOps, highlighting that 96.8% of developers use open source components. It emphasizes the rise in security vulnerabilities and the inefficient prioritization of fixes by companies. Key recommendations include automating scanning, prioritization, and remediation processes throughout the software development lifecycle.

Software
Related topics:
Information Security

Embed presentation

Download as PDF, PPTX
Open Source Security at Scale The DevOps Challenge
Hello! Shiri Arad Ivtsan Product Manager @WhiteSource Shiri.ivtsan@WhiteSourceSoftware.com
Continuous Delivery
Continuous Delivery
Open Source 96.8%of the developers rely on open source components
Security in Open Source
Some Basic Statistics * Based on a survey conducted in more than 650 companies
OSS Security Vulnerabilities Are On The Rise 51% The observed YoY rise of reported vulnerabilities in 2017
Open Source Challenges Onechallenging area in particular is pronounced
Companies Do Not Prioritize Their Fixes Efficiently Criticality of the project that might be impacted by the vulnerability Availability of the suggested fix Perceived impact of the vulnerability on projects Number of software libraries containing the vulnerability Vulnerability severity Creation date of the vulnerability alert prioritize based on the real business impact ~56% Just
Recent News Integrity Availability Security-Protection
Security Throughout The SDLC Pipeline
Scan
CI/CD Pipeline Code Build Package Deploy
Code Code Build Package Deploy • Choose the right component from the earliest stages • Automatically open pull requests for patches • Restrict merges if vulnerabilities exist
Build Code Build Package Deploy • Scan on any build • Fail builds based on policies (i.e high severity vulnerabilities)
Package Code Build Package Deploy • Scan Docker images – in private and public image registries
Deploy Code Build Package Deploy • Scan upon deployment to your production platform • Monitor running applications in production for newly published vulnerabilities
Key Takeaways Know your code Monitor it frequently Make it simple & faster: Automate • Automate the scanning • Automate the prioritization • Automate your remediation
Q&A

More Related Content

PDF
The State of Open Source Vulnerabilities Management
byWhiteSource
 
PDF
Innocent Vulnerabilities vs. Malicious Backdoors: How to Manage Your Risk
byWhiteSource
 
PDF
Tackling the Risks of Open Source Security: 5 Things You Need to Know
byWhiteSource
 
PPTX
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
byWhiteSource
 
PDF
The Challenges of Scaling DevSecOps
byWhiteSource
 
PDF
Taking Open Source Security to the Next Level
byWhiteSource
 
PDF
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
byWhiteSource
 
PDF
Empowering Financial Institutions to Use Open Source With Confidence
byWhiteSource
 
The State of Open Source Vulnerabilities Management
byWhiteSource
 
Innocent Vulnerabilities vs. Malicious Backdoors: How to Manage Your Risk
byWhiteSource
 
Tackling the Risks of Open Source Security: 5 Things You Need to Know
byWhiteSource
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
byWhiteSource
 
The Challenges of Scaling DevSecOps
byWhiteSource
 
Taking Open Source Security to the Next Level
byWhiteSource
 
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
byWhiteSource
 
Empowering Financial Institutions to Use Open Source With Confidence
byWhiteSource
 

What's hot

PDF
Tackling the Container Iceberg:How to approach security when most of your sof...
byWhiteSource
 
PPTX
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...
byWhiteSource
 
PDF
Open Source Security: How to Lay the Groundwork for a Secure Culture
byWhiteSource
 
PDF
Winning open source vulnerabilities without loosing your deveopers - Azure De...
byWhiteSource
 
PPTX
Automating Open Source Security: A SANS Review of WhiteSource
byWhiteSource
 
PPTX
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
byWhiteSource
 
PPTX
DevSecOps outline
byNickleus Jimenez
 
PPTX
The State of Open Source Vulnerabilities - A WhiteSource Webinar
byWhiteSource
 
PDF
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
byDevOps.com
 
PDF
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
byWhiteSource
 
PDF
PIACERE - DevSecOps Automated
byPIACERE
 
PPTX
WhiteSource Webinar What's New With WhiteSource in December 2018
byWhiteSource
 
PPTX
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
PPTX
DevSecOps
byJoel Divekar
 
PPTX
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
byDevOps Indonesia
 
PDF
Demystifying DevSecOps
byArchana Joshi
 
PPTX
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
byDevOps.com
 
PPTX
DEVSECOPS: Coding DevSecOps journey
byJason Suttie
 
PPTX
Practical DevSecOps Using Security Instrumentation
byVMware Tanzu
 
PPTX
A journey from dev ops to devsecops
byVeritis Group, Inc
 
Tackling the Container Iceberg:How to approach security when most of your sof...
byWhiteSource
 
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...
byWhiteSource
 
Open Source Security: How to Lay the Groundwork for a Secure Culture
byWhiteSource
 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
byWhiteSource
 
Automating Open Source Security: A SANS Review of WhiteSource
byWhiteSource
 
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
byWhiteSource
 
DevSecOps outline
byNickleus Jimenez
 
The State of Open Source Vulnerabilities - A WhiteSource Webinar
byWhiteSource
 
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
byDevOps.com
 
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
byWhiteSource
 
PIACERE - DevSecOps Automated
byPIACERE
 
WhiteSource Webinar What's New With WhiteSource in December 2018
byWhiteSource
 
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
DevSecOps
byJoel Divekar
 
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
byDevOps Indonesia
 
Demystifying DevSecOps
byArchana Joshi
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
byDevOps.com
 
DEVSECOPS: Coding DevSecOps journey
byJason Suttie
 
Practical DevSecOps Using Security Instrumentation
byVMware Tanzu
 
A journey from dev ops to devsecops
byVeritis Group, Inc
 

Similar to Open Source Security at Scale- The DevOps Challenge 

PPTX
Software Security Assurance for Devops
byJerika Phelps
 
PPTX
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
byBlack Duck by Synopsys
 
PPTX
Software Security Assurance for DevOps
byBlack Duck by Synopsys
 
PDF
(In)security in Open Source
byShane Coughlan
 
PPTX
Security in the Age of Open Source
byBlack Duck by Synopsys
 
PPTX
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
byWhiteSource
 
PPTX
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
byWhiteSource
 
PDF
All Things Open 2022 - State of OSS Security & Support
byJavier Perez
 
PPTX
A question of trust - understanding Open Source risks
byTim Mackey
 
PPTX
All You need to Know about Secure Coding with Open Source Software
byJavier Perez
 
PDF
The State of Open Source Vulnerabilities Management
bySBWebinars
 
PPTX
September 13, 2016: Security in the Age of Open Source:
byBlack Duck by Synopsys
 
PPTX
Open Source Insight: CVE-2017-2636 Vuln of the Week & UK National Cyber Secur...
byBlack Duck by Synopsys
 
PPTX
Security in the age of open source - Myths and misperceptions
byTim Mackey
 
PPTX
Managing Open Source in Application Security and Software Development Lifecycle
byBlack Duck by Synopsys
 
PDF
DevSecOps: The Open Source Way
byBlack Duck by Synopsys
 
PPTX
DevSecCon London 2017: when good containers go bad by Tim Mackey
byDevSecCon
 
PDF
Synopsys Security Event Israel Presentation: New AppSec Paradigms with Open S...
bySynopsys Software Integrity Group
 
PPTX
Welcome & The State of Open Source Security
byJerika Phelps
 
PDF
Donu’t Let Vulnerabilities Create a Hole in Your Organization
byDevOps.com
 
Software Security Assurance for Devops
byJerika Phelps
 
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
byBlack Duck by Synopsys
 
Software Security Assurance for DevOps
byBlack Duck by Synopsys
 
(In)security in Open Source
byShane Coughlan
 
Security in the Age of Open Source
byBlack Duck by Synopsys
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
byWhiteSource
 
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
byWhiteSource
 
All Things Open 2022 - State of OSS Security & Support
byJavier Perez
 
A question of trust - understanding Open Source risks
byTim Mackey
 
All You need to Know about Secure Coding with Open Source Software
byJavier Perez
 
The State of Open Source Vulnerabilities Management
bySBWebinars
 
September 13, 2016: Security in the Age of Open Source:
byBlack Duck by Synopsys
 
Open Source Insight: CVE-2017-2636 Vuln of the Week & UK National Cyber Secur...
byBlack Duck by Synopsys
 
Security in the age of open source - Myths and misperceptions
byTim Mackey
 
Managing Open Source in Application Security and Software Development Lifecycle
byBlack Duck by Synopsys
 
DevSecOps: The Open Source Way
byBlack Duck by Synopsys
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
byDevSecCon
 
Synopsys Security Event Israel Presentation: New AppSec Paradigms with Open S...
bySynopsys Software Integrity Group
 
Welcome & The State of Open Source Security
byJerika Phelps
 
Donu’t Let Vulnerabilities Create a Hole in Your Organization
byDevOps.com
 

More from WhiteSource

PDF
Securing Container-Based Applications at the Speed of DevOps
byWhiteSource
 
PDF
Deep Dive into Container Security
byWhiteSource
 
PDF
Fire alarms vs. Fire hoses: Keeping up with Dependencies
byWhiteSource
 
PDF
DevSecOps: Closing the Loop from Detection to Remediation
byWhiteSource
 
PDF
Barriers to Container Security and How to Overcome Them
byWhiteSource
 
PDF
SAST (Static Application Security Testing) vs. SCA (Software Composition Anal...
byWhiteSource
 
PDF
Top Open Source Licenses Explained
byWhiteSource
 
PDF
Find Out What's New With WhiteSource September 2018- A WhiteSource Webinar
byWhiteSource
 
PPTX
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
byWhiteSource
 
PPTX
Strategies for Improving Enterprise Application Security - a WhiteSource Webinar
byWhiteSource
 
PPTX
How temenos manages open source use, the easy way combined
byWhiteSource
 
Securing Container-Based Applications at the Speed of DevOps
byWhiteSource
 
Deep Dive into Container Security
byWhiteSource
 
Fire alarms vs. Fire hoses: Keeping up with Dependencies
byWhiteSource
 
DevSecOps: Closing the Loop from Detection to Remediation
byWhiteSource
 
Barriers to Container Security and How to Overcome Them
byWhiteSource
 
SAST (Static Application Security Testing) vs. SCA (Software Composition Anal...
byWhiteSource
 
Top Open Source Licenses Explained
byWhiteSource
 
Find Out What's New With WhiteSource September 2018- A WhiteSource Webinar
byWhiteSource
 
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
byWhiteSource
 
Strategies for Improving Enterprise Application Security - a WhiteSource Webinar
byWhiteSource
 
How temenos manages open source use, the easy way combined
byWhiteSource
 

Recently uploaded

PDF
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
PPTX
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
PPTX
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
PDF
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
PDF
Langchain4J – An Introduction for Impatient Developers
byJuarez Junior
 
PDF
Building Smarter AI: 16 RAG Approaches for Accuracy, Memory, and Reasoning Vi...
byVineet Sharma
 
PDF
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
PPTX
Data Skills for Business Analysts: What You Need to Succeed
byScott W. Ambler
 
PPTX
How CFD Simulations Support Sustainable Data Center Design Optimization
byWeb Synergies
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
PDF
HuemanAI Platform Overview.pptx (1) (2).pdf
byAnkur Handoo
 
PDF
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
PDF
The Ultimate Guide to Real Estate Tokenization Platforms
byDaniel Smith
 
PDF
Mastering Zero-Allocation Parsers: A Deep Dive into High-Performance C#
byVineet Sharma
 
PDF
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
PDF
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
PPTX
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
PDF
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
PPTX
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
PPTX
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
Langchain4J – An Introduction for Impatient Developers
byJuarez Junior
 
Building Smarter AI: 16 RAG Approaches for Accuracy, Memory, and Reasoning Vi...
byVineet Sharma
 
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
Data Skills for Business Analysts: What You Need to Succeed
byScott W. Ambler
 
How CFD Simulations Support Sustainable Data Center Design Optimization
byWeb Synergies
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
HuemanAI Platform Overview.pptx (1) (2).pdf
byAnkur Handoo
 
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
The Ultimate Guide to Real Estate Tokenization Platforms
byDaniel Smith
 
Mastering Zero-Allocation Parsers: A Deep Dive into High-Performance C#
byVineet Sharma
 
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 

Open Source Security at Scale- The DevOps Challenge