
Open Source Security - It can be done easily.

Jan 21, 2018

Flexera
Transcript
Page 1: Open Source Security - It can be done easily.

GET STARTED WITH OPEN SOURCE SECURITY

Page 2

OPEN SOURCE SOFTWARE IS EVERYWHERE

BITCOIN

IOT

HEALTHCARE

LINUX

ANDROID

AUTOMOTIVE

BLOCKCHAIN

FINTECH DEVICES

OPENSSL

APACHE STRUTS

SECURITY CAMERAS

PRODUCTS YOU SHIP

PRODUCTS YOU BUY

YOUR WEBSITE

MICROWAVE

Page 3

YOU USE OSS MORE THAN EVER

MORE THAN 95% of IT organizations leverage open-source software assets*
Source: Gartner

MORE THAN 50% of all code written today is Open Source*
Source: Flexera OSS Fact or Fiction report 2017

MORE THAN 25MM repositories of Open Source code exist today*
Source: Github

Page 4

YOU ALSO RUN A GROWING RISK OF THREATS

HEARTBLEED CVE-2014-0160

SHELLSHOCK CVE-2014-0160

GHOST CVE-2015-0235

STRUTS 2 CVE-2017-5638

Page 5

THAT CAN THREATEN YOUR BRAND

YOUR SECURITY

YOUR IP

YOUR REPUTATION

Page 6

YOU NEED TO TAKE ACTION, BUT IT'S NOT EASY

So much code, so little time.

Page 7

WE GET THE DILEMMA

Try these steps to find the process that best manages your risk.

You need a simple on-ramp.

You need choices: automated scans, hands-on review, or somewhere in between.

Page 8

EASILY MANAGE OSS SECURITY

Step 1: Get a team in place.

Step 2: Hook up your security solution.

Step 3: Focus on high priority issues first.

Step 4: Pay attention to alerts.

Page 9

STEP 1 - GET A TEAM IN PLACE

– Ad hoc or formal

– Legal, security, engineering

FACT: Less than 50% of companies have a team in place to set Open Source policy.*

* Flexera OSS Fact or Fiction report 2017

Page 10

STEP 2 - HOOK UP YOUR SECURITY SOLUTION

Integrate security scans into your build process.

Get automated, high-level analysis of all your code.

Page 11

STEP 3 - ELIMINATE HIGH PRIORITY ISSUES

Focus on the highest priority first.

[Dashboard figure: Vulnerability Exposure (22 vulnerabilities), License Exposure (32 items), Inventory Priority (32 items)]

Page 12

STEP 4 - PAY ATTENTION TO ALERTS

Continuous monitoring is key: watch for alerts whenever a new vulnerability is discovered in a component used by your current or shipped products.
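The four steps above (scan in the build, prioritize, alert on new advisories against current and shipped products) are shown end to end in the following added example. It is not Flexera's code and does not use the Flexera product; the advisory feed and product inventory are constructed for illustration, with the CVE ids taken from the deck and the affected version ranges simplified (they are not an authoritative reference).

```python
"""Added example: minimal OSS inventory scan, prioritization and alerting.

Not Flexera's code. ADVISORIES and INVENTORY below are constructed sample
data: the CVE ids appear in the deck, but the affected version ranges are
simplified for illustration and must not be treated as authoritative.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def version_key(version: str) -> tuple:
    """Turn '1.0.1f' into ((1,''),(0,''),(1,'f')) so versions compare in order."""
    parts = []
    for piece in version.split("."):
        m = re.fullmatch(r"(\d+)([A-Za-z]*)", piece)
        if not m:
            raise ValueError(f"unsupported version string: {version!r}")
        parts.append((int(m.group(1)), m.group(2)))
    return tuple(parts)


@dataclass(frozen=True)
class Advisory:
    cve: str
    component: str
    severity: str
    ranges: tuple  # (first_affected, last_affected) pairs, both inclusive

    def affects(self, version: str) -> bool:
        v = version_key(version)
        return any(version_key(lo) <= v <= version_key(hi) for lo, hi in self.ranges)


@dataclass(frozen=True)
class Finding:
    product: str
    component: str
    version: str
    cve: str
    severity: str
    shipped: bool


# Constructed advisory feed (hypothetical ranges, real CVE ids from the deck).
ADVISORIES = [
    Advisory("CVE-2014-0160", "openssl", "critical", (("1.0.1", "1.0.1f"),)),        # Heartbleed
    Advisory("CVE-2015-0235", "glibc", "high", (("2.0", "2.17"),)),                 # GHOST
    Advisory("CVE-2017-5638", "apache-struts", "critical",
             (("2.3.5", "2.3.31"), ("2.5", "2.5.10"))),                             # Struts 2
]

# Constructed component inventory: one current build and two shipped products.
INVENTORY = {
    "webshop (current dev build)": {"shipped": False,
        "components": {"openssl": "1.0.1e", "apache-struts": "2.5.12", "glibc": "2.19"}},
    "webshop 3.1 (shipped)": {"shipped": True,
        "components": {"openssl": "1.0.2k", "apache-struts": "2.5.10", "glibc": "2.19"}},
    "camera firmware 2.0 (shipped)": {"shipped": True,
        "components": {"openssl": "1.0.1f", "glibc": "2.17"}},
}


def scan(inventory: dict, advisories: list) -> list:
    """Step 2: match every inventoried component against the advisory feed."""
    findings = []
    for product, info in inventory.items():
        for component, version in info["components"].items():
            for adv in advisories:
                if adv.component == component and adv.affects(version):
                    findings.append(Finding(product, component, version,
                                            adv.cve, adv.severity, info["shipped"]))
    return findings


def prioritize(findings: list) -> list:
    """Step 3: highest severity first; shipped products before dev builds at equal severity."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], not f.shipped, f.product, f.cve))


def build_gate(findings: list, fail_at: str = "high") -> bool:
    """Step 2 in the CI pipeline: True (build passes) only if no finding is at or above fail_at."""
    return all(SEVERITY_RANK[f.severity] > SEVERITY_RANK[fail_at] for f in findings)


def new_alerts(inventory: dict, advisories: list, seen_cves: set) -> list:
    """Step 4: findings from advisories not seen before, across current and shipped products."""
    fresh = [a for a in advisories if a.cve not in seen_cves]
    return prioritize(scan(inventory, fresh))


if __name__ == "__main__":
    for f in prioritize(scan(INVENTORY, ADVISORIES)):
        print(f"{f.severity:8} {f.cve:15} {f.product}: {f.component} {f.version}")
    print("build passes:", build_gate(scan(INVENTORY, ADVISORIES)))
    # Continuous monitoring: a Struts advisory arrives after the last review.
    for f in new_alerts(INVENTORY, ADVISORIES, {"CVE-2014-0160", "CVE-2015-0235"}):
        print("ALERT", f.cve, "affects shipped product" if f.shipped else "affects dev build", f.product)
```

Note that the dev build's Struts 2.5.12 falls outside the constructed range and is not flagged, while the shipped 3.1 release still carries 2.5.10: the alert step is what catches vulnerabilities in products that already left the build pipeline.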

Page 13

WHAT ABOUT HIGH RISK PROJECTS?

Good question! Dial up the depth of analysis to include

CONTAINERS

BUILD DEPENDENCIES

SOURCE CODE

"COPY + PASTE" SOURCE CODE

MULTIMEDIA FILES

BINARIES

Page 14

MANAGE THAT SOFTWARE SUPPLY CHAIN!

YOUR CODE

SUPPLIER CODE

OPEN SOURCE PROJECTS

PARTNER CODE

Page 15

AND TAKE CONTROL OF OPEN SOURCE SOFTWARE

GET CLEAN, STAY CLEAN WITH FLEXERA

ALERT to new OSS vulnerabilities

MANAGE OSS vulnerabilities

COMPLY with OSS licenses

SELECT secure OSS components

TRACK OSS usage

Page 17

WE'RE REIMAGINING THE WAY SOFTWARE IS

BOUGHT, SOLD, MANAGED, SECURED

Page 18

THANK YOU!

© 2018 Flexera All Rights Reserved

www.flexera.com