Open Source Is The New Development Methodology


A couple of months ago I wrote that open source has become the way we write software today, and about the implications that dynamic has for security. This new development methodology requires a shift in how we secure our applications.

The reasons for the rapid growth of open source are clear:

  1. The community effect lends itself to innovation – the expertise pool in the ever-expanding open source community is orders of magnitude larger than any single development team.
  2. Using open source makes organizations more agile – they can leverage existing functionality from open source rather than reinventing the wheel in house to solve the business problem at hand.
  3. Acquisition of open source is easy and cost effective – since open source components are available on public repositories, they are easy to evaluate.

The use of open source is ubiquitous worldwide. In newer technologies such as Linux containers, the connected car, and the Internet of Things, open source makes up the bulk of the solution. We also see huge amounts of open source used in commercial and enterprise-built applications.

The new approach to application security

The ascendance of open source has forced a change in the way we think about application security. Applications have become one of the most important fronts in the cyber security war.

The open source community is very fast in releasing security patches, but the responsibility for applying those patches and updating the applications lies with the development teams.

With thousands of new vulnerabilities found per year, keeping up to date is a daunting but absolutely vital task. We recently released a study of 200 commercial applications and found that 67 percent contained open source components with known vulnerabilities, and the average age of these vulnerabilities was more than five years. Yes, more than five years.

Making the world more secure one app at a time

At Black Duck we are committed to ensuring the use of open source remains strong by removing roadblocks to its adoption, spread and use. We have found that regular reviews and ongoing monitoring of open source components for known security vulnerabilities are the best way to achieve the highest quality code, safe from known security issues.

To help ensure applications are free from these vulnerabilities, I am happy to introduce the Black Duck Security Checker, a free, drag-and-drop tool for developers and security professionals to identify the open source components in their code and find known security vulnerabilities.

Simply drag a file containing your artifacts into the browser and Black Duck will securely send you a report with a list of open source components and let you know if any of them contain vulnerabilities.

I’m excited and proud that Black Duck is offering users across the globe the opportunity to find out what they don’t know about the open source in their code – helping them know their code quickly and completely.

Ladies and gentlemen, START YOUR SCANNING!
