Cybersecurity Risks for Open Source Code

  /  ICS Security   /  Cybersecurity Risks for Open Source Code
Cybersecurity
ICS Security

Cybersecurity Risks for Open Source Code

The adoption of open source code has increased exponentially over the past decade, with a large percentage of commercial software now containing it. Developers are constantly sharing common features and code functionality across the internet and globe. The speed and demand placed upon application teams is high – business used to run via application releases a handful of times per year, and now is done a handful of times per week or day. This rapid acceleration pushed the world to move from “waterfall” and “iterative” project methodologies to “agile” to meet the rapidly growing demand. But what are the cybersecurity risks associated with open source code and how to protect it?

Open Source Cybersecurity Risks

  • Vulnerabilities – average of 64 vulns per code base. 1500+ days before a fix. Development processes are your first line of defense.
  • You build it, you own it
  • Software of unknown origin
  • Continuous monitoring of config and environment

To mitigate the risks, usage of Open Source repository scanning technologies is mandatory. A service which is able to find manifest files (identify and analyze), understand the direct and indirect dependencies (and flag them for known vulnerabilities) is a must. Having integration into your code repository also helps identify your risks tied to your projects. Then building the issue findings into your ticketing system (or creating pull requests) for remediation, at the developer level, is the next step to ensure the code has ownership and is cared for during its lifecycle. Maintenance and auditing (remediation) of this will be required because every time the same pull request happens, as scan and updated patch request must occur there too.

Building a culture among your organization to have ownership of code, the maintenance of it, and pride in the application from release to release will take time. It is paramount to making Open Source more secure though, as the ownership and pride will help keep it secure. Implementing the technology checks on top will assist in keeping the teams involved and more secure, as will doing this continuously.

More about Cybersecurity Vulnerabilities in ICS Mobile Applications

Read the full post on open source software security from Trend Micro to learn 4 best practices to mitigate vulnerabilities.

 

About the Author

Aaron Ansari

VP, Cloud Security at Trend Micro

by

Working at the edge In industrial operations, time is money. The more efficient processes and machinery are, the better it is for business. Providing proactive monitoring and maintenance of industrial machines, however, is not an easy task. This is especially true

by
Connected Industry

Last week, at the Innovation Summit in Paris, I had the pleasure to interview Sophie Borgne, Water Segment President, Schneider Electric, and Georg Weber, Executive Board Member & CTO, Wilo Group. The conversation is focused on sustainability, marking a pivotal shift in

by
Connected Industry, Video

With the eagerly anticipated Hannover Messe Fair 2024 on the horizon, IIoT World has embarked on an exciting initiative to capture the pulse of innovation in the Industrial Internet of Things (IIoT) space at the fair. We reached out to

by
Connected Industry
25985 Rustic Lane,
Westlake, Ohio 44145, U.S.A.
Telephone: +1 949-427-0564
Drop us a message

    ©2017-2024  IIoT World. All articles submitted by our contributors do not constitute the views, endorsements or opinions of IIoT-World.com.