ENJOYING OPEN SOURCE WITHOUT COMPROMISING BUSINESS. Dr. Ron Rymon Founder, White Source Software ron@whitesourcesoftware.com




Background
- I am a software entrepreneur, not a legal expert
- My own experience with the dark side of open source
  - We sold our software company in 2008
  - In the DD, we reported 25 libraries and licenses
  - We ended up with 350! (dependencies anyone?)
  - We were lucky! - no major hidden surprises
- What could we have (practically) done better?
- We started White Source

Open Source is Great, But...
- Open source substantially boosts developers' productivity
  - 85% of new software projects, according to Gartner*
  - 80% of code in commercial products is actually OSS
- But, to enjoy the full value of open source, you must properly manage its use
* Source: Gartner User Survey Analysis: Open-Source Software, Worldwide

Three Main Areas To Manage
- Security and Quality Issues
- License Risks and Compliance
- Ineffective Management and Unnecessary Burden

Security and Quality
- Most companies continue to ship products with open source that contains vulnerabilities, even long after these were fixed
  - 85% of software projects contain outdated open source*
- Like any other software, open source is likely to contain security vulnerabilities and other bugs
  - Rate of defects is 1 per 1,000 lines of code**
  - 70% of software applications contain security issues***
- Open source communities are often quick to fix, but OSS users are slow to update
  - Why? It's difficult and out of scope for developers to be in the know
- Vulnerabilities in open source you use are YOUR responsibility
Sources: * White Source, ** Coverity, *** Veracode

License Risks and Compliance
- Most companies lack a complete picture of all OSS libraries and licenses
  - In 60% of cases, there are gaps between reported and actual*
- License documentation is extremely tedious
  - Where done manually, lots of (hated) work, lots of errors
  - With scanners, lots of sifting through false matches, delayed release schedules
- One big reason is missed dependencies
  - 91% of open source libraries have dependencies*
  - 64% have a different license*
- Also, very few companies have license policies, and even fewer enforce policies in a consistent manner
- Improper handling may result in legal, technical, and business risks
* Source: White Source

Ineffective Management and Unnecessary Burden
- Companies that do make an effort to manage their open source properly are wasting much effort
  - 95% use manual processes
  - Licensing is the biggest challenge and one of the most time-consuming non-development tasks for developers*
  - And after expending those efforts, lots of misses and errors lead to high risks
- Few use scanners
  - Expensive to buy; more expensive to operate; beyond the reach of any but the biggest companies
- Issues are often discovered at the worst time (M&A, OEM, release), when most expensive to fix (rip and recode/replace)
- Developers shall develop. OSS management shall be automated.
* Source: JFrog

Bring Back the Full Value of Open Source
- Adopt a lifecycle approach
  - Deal with issues at the door, not post-hoc when they are difficult to discover and expensive to fix
  - Always-updated inventory and risk dashboard at your fingertips
- Automate the discovery process
  - Don't depend on developers, and don't waste their time
- Enforce a consistent license policy
  - Automate enforcement when possible
  - Automate and document the decision workflow when necessary
- Automate monitoring
  - Security issues and other bugs
  - New versions and fixes
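The lifecycle approach above (check libraries at the door, including the transitive dependencies that so often carry a different license, enforce the license policy, and keep monitoring for outdated and vulnerable versions), as an added example that is not White Source's code: a minimal gate in Python over a constructed inventory. All library names, versions, licenses and the advisory id are made up for illustration.

```python
# Added example, not White Source's code: a minimal "at the door" gate that
# checks transitive dependencies against a license policy and flags outdated
# or vulnerable versions. All names, versions and advisories are constructed.
INVENTORY = {  # name -> (version, license, direct dependencies)
    "webfw": ("2.1.0", "Apache-2.0", ["jsonlib", "copyleft-util"]),
    "jsonlib": ("1.4.2", "MIT", []),
    "copyleft-util": ("0.9.0", "GPL-3.0-only", []),
    "oldcrypto": ("1.0.3", "BSD-3-Clause", ["jsonlib"]),
    "newparser": ("3.0.0", "SSPL-1.0", []),
}
LATEST = {"webfw": "2.1.0", "jsonlib": "1.5.0", "copyleft-util": "0.9.0",
          "oldcrypto": "1.2.0", "newparser": "3.0.0"}
ADVISORIES = {("oldcrypto", "1.0.3"): "EXAMPLE-ADV-001, fixed in 1.2.0"}
POLICY = {"approve": {"Apache-2.0", "MIT", "BSD-3-Clause"},
          "reject": {"GPL-3.0-only"}}  # anything else goes to human review

def resolve(roots):
    """Every library reachable from the declared roots, transitive ones included."""
    seen, stack = set(), list(roots)
    while stack:
        name = stack.pop()
        if name not in seen:
            seen.add(name)
            stack.extend(INVENTORY[name][2])
    return sorted(seen)

def license_decision(lic):
    if lic in POLICY["approve"]:
        return "approve"
    return "reject" if lic in POLICY["reject"] else "review"

def gate(roots):
    """Per-library decision plus the findings a monitoring dashboard would show."""
    report = {}
    for name in resolve(roots):
        version, lic, _ = INVENTORY[name]
        findings = []
        if version != LATEST[name]:
            findings.append(f"outdated {version} -> {LATEST[name]}")
        if (name, version) in ADVISORIES:
            findings.append("vulnerable: " + ADVISORIES[(name, version)])
        report[name] = (license_decision(lic), findings)
    return report

def release_allowed(report):
    """Block the release on any rejected license or open vulnerability."""
    return not any(d == "reject" or any(f.startswith("vulnerable") for f in fs)
                   for d, fs in report.values())
```

Running gate(["webfw", "oldcrypto", "newparser"]) surfaces the copyleft dependency pulled in only transitively by webfw, routes the SSPL library to review, and marks oldcrypto as both outdated and vulnerable, so release_allowed returns False.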

White Source
- Modern, cloud-based SaaS service
  - Nothing to deploy and keep updating
  - No training needed
  - Not exposed to your proprietary code
- Integrates into your dev environment
  - Plugins for your build/CI server
  - Always-current inventory and licenses
- Enforces license policy at the door
  - Detects new open source
  - Auto approve/reject
  - Approval workflow if necessary

White Source (2)
- Proactive alerts on security issues and fixes
- Dashboards and reports in a click
  - Ops: inventory, requests, release automation
  - Compliance: licenses, risks
  - Quality and security: vulnerabilities, fixes

Case Study
- Background before White Source
  - ~200 developers in 22 different scrum groups
  - Manually tracking open source usage and licenses
  - Forms-and-emails approval process
  - Used a scanner in some transactions, requiring some fixes
- White Source implementation
  - Fully implemented in a few days
  - Use Maven plugin to automatically create projects
  - Automatic policies and processes
- Results
  - Full and reliable picture of open source inventory and licenses
  - Discovered and replaced libraries with licensing issues
  - Full visibility of licensing issues, security issues, and outdated libraries
  - Fully automated

THANK YOU!
To manage OSS, adopt an approach that fits into and does not over-burden your development cycle.