Developers are being asked to push out more software, in shorter periods of time, than ever before. In turn, they increasingly rely on open source libraries, which let them add functionality to their code without building it from scratch. As a result, software today is rarely made entirely of first-party code and is more often "assembled" from other sources. In fact, our most recent State of Software Security report found that a typical Java application is made up of 97 percent open source code.

That open source code is leaving organizations vulnerable to cyberattacks. Our State of Software Security: Open Source Edition report found that 70 percent of applications have a security flaw in an open source library. However, simply using open source libraries isn't in itself a security threat to the business. The real problem is not knowing that the libraries you use contain vulnerabilities, and not knowing whether those vulnerabilities are exploitable in your application. Software composition analysis solutions can help, but many are coming up short. The main challenges with current solutions are that they rely on the NVD database, which is frequently not up to date; they are hard to manage and scale; and developers are not empowered to fix the security issues that are found.
Join this session to find out:
• Trends in open source library use
• Best practices in software composition analysis
• How to continue using open source libraries without getting bogged down with security tests