Many companies choose to use open-source software (OSS) to build more flexible products, but there is a potential risk that software vendors and IoT manufacturers need to understand: the risks hidden in the software supply chain.

Known risks

For example, a criminal could take advantage of the Apache Struts vulnerability CVE-2017-5638 to obtain personal data of Equifax customers. As is well known, Apache Struts is a widely used open-source web application framework, deployed on web servers that receive and deliver business data within a company's internal systems. Ultimately, it is the vulnerabilities in this open-source component that make it a primary target of cyber attacks.

Main findings
According to a recent report by Flexera, 50% of the code found in commercial and IoT software products is open source. Yet the survey showed that only 37% of respondents said their company had a policy on acquiring and using open-source software; 63% said they had no such policy, or did not know whether one existed.
The report also found that responsibility for open source security is often unassigned: 39% of respondents said that no one within their company is responsible for the security of open-source software, or that they simply do not know who should be responsible.
In addition, contributors to open-source software are not following best practices: 33% of respondents said their companies had contributed to open source projects. However, 63% of respondents said their company had no open source procurement or use policy at all, and yet 43% of respondents said they personally contribute to open source projects.
Either way, we can't ignore the fact that open source is an obvious shortcut. Jeff Luszcz, vice president of product management at Flexera, said: "It's very important for the fast pace of software development to get the products out of the open source code quickly. However, most software engineers do not keep track of open source usage in private, and most software executives are unaware of a certain gap in their safety/compliance risks."
In fact, putting open-source software through security compliance, licensing and similar processes is far less convenient than simply using it, but these processes are undoubtedly essential.
"The security compliance process of open source software can protect the product and brand reputation well. But most software and IoT vendors are unaware of the problems, so they are not protecting themselves and their households," Luszcz said. "For vendors that expose the risks of product compliance and vulnerabilities, and those who don't know they are running open source and other third-party software, it may even be a customer that contains software vulnerabilities that can compromise the entire software supply chain."