Open Source Summit + ELC North America 2020

Open source is a flourishing ecosystem which for many companies is opening up the doors to agility, innovation and strategic competitive advantages driven by lower total cost of ownership and faster time to market.

With great power comes great responsibilities: Security, legal and operational risks with open source which can cost companies their hard-earned business as well as reputation.

With increasing reliance on open source we need to understand the risks involved with those open source components and ensure that its easy for dev, security and legal to collaborate together to ensure that opensource adoption increase is safe and secure. Good news is that devsecops practices can help in mitgating those risks for ex:-

1) Continuous scanning for vulnerabilities can go a long way to mitigate these risks
2) Security testing early in the SDLC (shift left) and with continuous integration in the pipeline software component analysis can be accomplished systematically
3) Vulnerability disclosure programs should be in place to ensure
4) Bill of material for every application can track vulnerable dependencies
5) License and vulnerability checks can be enforces on download