Netizen Corporation, profile picture
Uploaded byNetizen Corporation
PPTX, PDF88 views

Open Source Software Security

The document discusses open source software, noting that it is used almost everywhere due to its low cost and customizability. While open source provides benefits, it also poses security risks if vulnerabilities are not addressed. Many major security breaches have exploited vulnerabilities in open source components. The document recommends maintaining awareness of open source vulnerabilities, updating and patching software often, leveraging security professionals, and participating in open source communities to help improve security.

Embed presentation

Download to read offline
Open Source Security Michael W. Hawkins CEO, Netizen Corporation https://www.NetizenCorp.com MHawkins@NetizenCorp.com
© 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 Open Source: Security Risks and Benefits open source initiative
© 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Is It? Open Source (adj) – denoting software for which the original source code is made freely available and may be redistributed and modified Open Source is “free” as in speech, not necessarily “free” as in beer
© 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 In Open Source, you have the right to control your own destiny. Linus Torvalds Creator of the Linux operating system Open Source = Transparency and Freedom “ ”
© 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 Where is Open Source used? (hint: everywhere)
According to a 2017 Black Duck Software report, open source components are now present in 96 percent of commercial applications. The average commercial application has 147 different open source components. Source: https://www.blackducksoftware.com/open-source-security-risk-analysis-2017 © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 Where is Open Source used?
© 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Are The Benefits? Typically low or no cost (as in price) to own and use Can be customized and/or redistributed No hidden code – what you see is what you get Can be easily packaged into commercial products Can release features and patches quickly
• Can have a high cost to maintain - it can require expertise • You are on your own to determine security worthiness/fitness • Security, maintenance and configuration is entirely up to you • Typically there are no guarantees at all of security and/or quality “…only 28 percent of organizations do any kind of regular analysis to find out what components are built into their applications.” © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Are The Drawbacks? Source: https://www.veracode.com/resources/state-of-software-security
2017 Equifax Breach • Failed to patch a known security issue in an open source web application server (Struts) HeartBleed (openssl) • Affected HUNDREDS OF MILLIONS of products, companies, applications and websites • Caused a major breach at a large healthcare provider and many others Quadrooter (Android), Glibc (programming languages), and on and on… Over 900 major Open Source vulnerabilities were reported in 2017 alone and it takes an average of 2.9 years to find and report these issues. © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 Open Source Security Gone Wrong Source: https://snyk.io/stateofossecurity/
MAINTAIN AWARENESS © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
UPDATE AND PATCH OFTEN © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
READ THE DOCUMENTATION © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
LEVERAGE PROFESSIONALS © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
PERFORM TESTING © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
MAINTAIN AN INVENTORY © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
PERFORM ASSESSMENTS © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
PARTICIPATE AND CONTRIBUTE © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
© 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 Bonus Information Some good Open Source security tools: ELK Stack OWASP Zap Sonarqube
© 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 Questions?

More Related Content

PDF
Cloud Access Security Brokers - What's all the Hype
byJoAnna Cheshire
 
PDF
Glasswall - Safety and Integrity Through Trusted Files
byDinis Cruz
 
PPTX
Cloud Security for Dummies Webinar — The Identity Edition
byNetskope
 
PDF
Synopsys Security Event Israel Presentation: Case Study: OSS Management – The...
bySynopsys Software Integrity Group
 
PPTX
The Definitive CASB Business Case Kit - Presentation
byNetskope
 
PPTX
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
byWeSecure
 
PPTX
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
byNetskope
 
PPTX
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
byNetskope
 
Cloud Access Security Brokers - What's all the Hype
byJoAnna Cheshire
 
Glasswall - Safety and Integrity Through Trusted Files
byDinis Cruz
 
Cloud Security for Dummies Webinar — The Identity Edition
byNetskope
 
Synopsys Security Event Israel Presentation: Case Study: OSS Management – The...
bySynopsys Software Integrity Group
 
The Definitive CASB Business Case Kit - Presentation
byNetskope
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
byWeSecure
 
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
byNetskope
 
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
byNetskope
 

What's hot

PPTX
Netskope — Shadow IT Is A Good Thing
byNetskope
 
PDF
Netskope Overview
byNetskope
 
PPTX
Reference Architecture for Data Loss Prevention in the Cloud
byNetskope
 
PDF
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
byElasticsearch
 
PDF
ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps
byUA DevOps Conference
 
PPTX
Data Breach: The Cloud Multiplier Effect
byNetskope
 
PDF
Dinis Cruz (CV) - CISO and Transformation Agent v1.2
byDinis Cruz
 
PPTX
Data Privacy, Security, and Sovereignty in a Cloudy World
byNetskope
 
PPTX
Making the Case for Stronger Endpoint Data Visibility
bydianadvo
 
PDF
ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
byThinAir
 
PPTX
Quantifying Cloud Risk for Your Corporate Leadership
byNetskope
 
PPTX
Modern Security the way Equifax Should Have
byEric Vanderburg
 
PPTX
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
byNetskope
 
PDF
Agile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless world
byChris Swan
 
PPTX
CipherCloud's Solutions for Salesforce Chatter
byCipherCloud
 
PDF
Secure Infrastructure for the Mobile Legion
byRaphael Reitzig
 
PDF
Garantice la continuidad de su negocio Damian Prieto
byCristian Garcia G.
 
PPTX
Herding Pets and Cattle: Extending Foundational Controls Into the Cloud
byTripwire
 
PDF
(OLD VERSION) Dinis Cruz (CV) - CISO and Transformation Agent v0.6
byDinis Cruz
 
PDF
The view of auditor on cybercrime
byMarc Vael
 
Netskope — Shadow IT Is A Good Thing
byNetskope
 
Netskope Overview
byNetskope
 
Reference Architecture for Data Loss Prevention in the Cloud
byNetskope
 
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
byElasticsearch
 
ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps
byUA DevOps Conference
 
Data Breach: The Cloud Multiplier Effect
byNetskope
 
Dinis Cruz (CV) - CISO and Transformation Agent v1.2
byDinis Cruz
 
Data Privacy, Security, and Sovereignty in a Cloudy World
byNetskope
 
Making the Case for Stronger Endpoint Data Visibility
bydianadvo
 
ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
byThinAir
 
Quantifying Cloud Risk for Your Corporate Leadership
byNetskope
 
Modern Security the way Equifax Should Have
byEric Vanderburg
 
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
byNetskope
 
Agile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless world
byChris Swan
 
CipherCloud's Solutions for Salesforce Chatter
byCipherCloud
 
Secure Infrastructure for the Mobile Legion
byRaphael Reitzig
 
Garantice la continuidad de su negocio Damian Prieto
byCristian Garcia G.
 
Herding Pets and Cattle: Extending Foundational Controls Into the Cloud
byTripwire
 
(OLD VERSION) Dinis Cruz (CV) - CISO and Transformation Agent v0.6
byDinis Cruz
 
The view of auditor on cybercrime
byMarc Vael
 

Similar to Open Source Software Security

PDF
(In)security in Open Source
byShane Coughlan
 
PDF
OPS_Unit-1--Open Source Demystifying.pdf
bySonaShaiju1
 
PPTX
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
byBlack Duck by Synopsys
 
PPTX
Introduction To Open Source
byUchechukwu Obimma
 
PPT
FOSS and Security
byBud Siddhisena
 
PDF
Security in open source projects
byJose Manuel Ortega Candel
 
PPT
Open source technology
byRohit Kumar
 
PPTX
Managing Open Source in Application Security and Software Development Lifecycle
byBlack Duck by Synopsys
 
PPTX
A question of trust - understanding Open Source risks
byTim Mackey
 
PPT
Intellectual Property Open Source Software Movement
byaliraza786
 
PPTX
Open source technologies
byankita9765
 
PPTX
RVAsec Bill Weinberg Open Source Hygiene Presentation
byBlack Duck by Synopsys
 
PPTX
Push To Test - Open Source Adoption in the Enterprise
byAndrew Aitken
 
PPTX
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...
byBlack Duck by Synopsys
 
PPTX
Open Security - Chad Cravens
byIT-oLogy
 
PPT
Open Source Issues and Trends
byNicole Baratta
 
PDF
Security in the Age of Open Source
byFINOS
 
PPTX
Open source software
byjaimeacurry
 
PPTX
Open source technologies
byankita9765
 
PPTX
Security in the Age of Open Source
byBlack Duck by Synopsys
 
(In)security in Open Source
byShane Coughlan
 
OPS_Unit-1--Open Source Demystifying.pdf
bySonaShaiju1
 
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
byBlack Duck by Synopsys
 
Introduction To Open Source
byUchechukwu Obimma
 
FOSS and Security
byBud Siddhisena
 
Security in open source projects
byJose Manuel Ortega Candel
 
Open source technology
byRohit Kumar
 
Managing Open Source in Application Security and Software Development Lifecycle
byBlack Duck by Synopsys
 
A question of trust - understanding Open Source risks
byTim Mackey
 
Intellectual Property Open Source Software Movement
byaliraza786
 
Open source technologies
byankita9765
 
RVAsec Bill Weinberg Open Source Hygiene Presentation
byBlack Duck by Synopsys
 
Push To Test - Open Source Adoption in the Enterprise
byAndrew Aitken
 
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...
byBlack Duck by Synopsys
 
Open Security - Chad Cravens
byIT-oLogy
 
Open Source Issues and Trends
byNicole Baratta
 
Security in the Age of Open Source
byFINOS
 
Open source software
byjaimeacurry
 
Open source technologies
byankita9765
 
Security in the Age of Open Source
byBlack Duck by Synopsys
 

Recently uploaded

PDF
CodeFulcrum Company Profile - Engineering Scalable Software for High-Growth E...
byCodeFulcrum
 
PDF
Hack&Verse Kick-off and infor session Event ppt
bysanidhyasahu1120
 
PDF
Problem Solving_20241203_220045_0000.pdf
bythakurayush00991
 
PDF
our environment ppt made by many people name rarang yadav
byrarang180
 
PDF
Incident Management Roles & Responsibilities.pdf
byTaskCall
 
PPTX
Project System Presentation details process presentation
bytejpratappandey4
 
PPTX
Introduction to Software Development and Modern Practices
byM Munim
 
PPTX
Architectural Styles in Software Engineering
byM Munim
 
PDF
CatoCoin (CATO) – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority
 
PDF
Mitr Sarthi: A Smart ERP for Modern Manufacturers
byGamavis Software Solutions
 
PDF
Latest Courier Management Software 2026 | Complete Courier & Logistics Solution
byCourier Softwares
 
PDF
Building Strong IT Systems Using the Site Reliability Engineering
byAvekshaa Technologies
 
PPTX
UAE-Based Insurer Transforms Operations with InsureEdge
byInsurance Tech Services
 
PDF
DSD-INT 2025 Large scale unsaturated zone modelling - Sequential Steady State...
byDeltares
 
PDF
Prasenjit Bhaumik Plano - Specializing In Web Applications
byPrasenjit Bhaumik Plano
 
PDF
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
PPTX
ManageIQ - Sprint 278 Review - Slide Deck
byManageIQ
 
PDF
Cloud Engineering Services | Infysion Technologies
bysolutioninginfysion
 
PPTX
EMR Software for Gynaecology Clinics How EasyClinic Supports Continuity, Priv...
byEasy Clinic
 
PDF
Python Core Interview Cheat Sheet for a Senior Interview
byStanislav Lazarenko
 
CodeFulcrum Company Profile - Engineering Scalable Software for High-Growth E...
byCodeFulcrum
 
Hack&Verse Kick-off and infor session Event ppt
bysanidhyasahu1120
 
Problem Solving_20241203_220045_0000.pdf
bythakurayush00991
 
our environment ppt made by many people name rarang yadav
byrarang180
 
Incident Management Roles & Responsibilities.pdf
byTaskCall
 
Project System Presentation details process presentation
bytejpratappandey4
 
Introduction to Software Development and Modern Practices
byM Munim
 
Architectural Styles in Software Engineering
byM Munim
 
CatoCoin (CATO) – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority
 
Mitr Sarthi: A Smart ERP for Modern Manufacturers
byGamavis Software Solutions
 
Latest Courier Management Software 2026 | Complete Courier & Logistics Solution
byCourier Softwares
 
Building Strong IT Systems Using the Site Reliability Engineering
byAvekshaa Technologies
 
UAE-Based Insurer Transforms Operations with InsureEdge
byInsurance Tech Services
 
DSD-INT 2025 Large scale unsaturated zone modelling - Sequential Steady State...
byDeltares
 
Prasenjit Bhaumik Plano - Specializing In Web Applications
byPrasenjit Bhaumik Plano
 
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
ManageIQ - Sprint 278 Review - Slide Deck
byManageIQ
 
Cloud Engineering Services | Infysion Technologies
bysolutioninginfysion
 
EMR Software for Gynaecology Clinics How EasyClinic Supports Continuity, Priv...
byEasy Clinic
 
Python Core Interview Cheat Sheet for a Senior Interview
byStanislav Lazarenko
 

Open Source Software Security

  • 1.
    Open Source Security MichaelW. Hawkins CEO, Netizen Corporation https://www.NetizenCorp.com MHawkins@NetizenCorp.com
  • 2.
    © 2018 NetizenCorporation | www.Netizen.net | 800-450-1773 Open Source: Security Risks and Benefits open source initiative
  • 3.
    © 2018 NetizenCorporation | www.Netizen.net | 800-450-1773 What Is It? Open Source (adj) – denoting software for which the original source code is made freely available and may be redistributed and modified Open Source is “free” as in speech, not necessarily “free” as in beer
  • 4.
    © 2018 NetizenCorporation | www.Netizen.net | 800-450-1773 In Open Source, you have the right to control your own destiny. Linus Torvalds Creator of the Linux operating system Open Source = Transparency and Freedom “ ”
  • 5.
    © 2018 NetizenCorporation | www.Netizen.net | 800-450-1773 Where is Open Source used? (hint: everywhere)
  • 6.
    According to a2017 Black Duck Software report, open source components are now present in 96 percent of commercial applications. The average commercial application has 147 different open source components. Source: https://www.blackducksoftware.com/open-source-security-risk-analysis-2017 © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 Where is Open Source used?
  • 7.
    © 2018 NetizenCorporation | www.Netizen.net | 800-450-1773 What Are The Benefits? Typically low or no cost (as in price) to own and use Can be customized and/or redistributed No hidden code – what you see is what you get Can be easily packaged into commercial products Can release features and patches quickly
  • 8.
    • Can havea high cost to maintain - it can require expertise • You are on your own to determine security worthiness/fitness • Security, maintenance and configuration is entirely up to you • Typically there are no guarantees at all of security and/or quality “…only 28 percent of organizations do any kind of regular analysis to find out what components are built into their applications.” © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Are The Drawbacks? Source: https://www.veracode.com/resources/state-of-software-security
  • 9.
    2017 Equifax Breach •Failed to patch a known security issue in an open source web application server (Struts) HeartBleed (openssl) • Affected HUNDREDS OF MILLIONS of products, companies, applications and websites • Caused a major breach at a large healthcare provider and many others Quadrooter (Android), Glibc (programming languages), and on and on… Over 900 major Open Source vulnerabilities were reported in 2017 alone and it takes an average of 2.9 years to find and report these issues. © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 Open Source Security Gone Wrong Source: https://snyk.io/stateofossecurity/
  • 10.
    MAINTAIN AWARENESS © 2018Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
  • 11.
    UPDATE AND PATCHOFTEN © 2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
  • 12.
    READ THE DOCUMENTATION ©2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
  • 13.
    LEVERAGE PROFESSIONALS © 2018Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
  • 14.
    PERFORM TESTING © 2018Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
  • 15.
    MAINTAIN AN INVENTORY ©2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
  • 16.
    PERFORM ASSESSMENTS © 2018Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
  • 17.
    PARTICIPATE AND CONTRIBUTE ©2018 Netizen Corporation | www.Netizen.net | 800-450-1773 What Can You Do?
  • 18.
    © 2018 NetizenCorporation | www.Netizen.net | 800-450-1773 Bonus Information Some good Open Source security tools: ELK Stack OWASP Zap Sonarqube
  • 19.
    © 2018 NetizenCorporation | www.Netizen.net | 800-450-1773 Questions?