Tag Archives: application security

2014 Open Source Development Survey: Making Results Matter


April 1, 2014 By
Derek Weeks
mindstorm

Want to win a programmable LEGO robot? Share your voice in this year’s survey. The real intent of the Open Source Development Survey is to SPARK DISCUSSION. Remember, it’s not the stats that count…it’s the value of the discussions that follow that make this survey so important. So take 5 minutes and take the survey. (it takes less than 5 minutes, we promise)

Continue reading...

Open Source Observations from RSA


March 19, 2014 By
Karen Gardner
Open Source Review Boards

Wow – have 2 weeks already passed since RSA? Before we get too far out from the event, I thought I’d share a few observations … At an event covering Security of all types, where Application Security as a very small subset and Open Source Security is an even smaller subset – I was impressed […]

Continue reading...

An Open Discussion on Open Source Review Boards


March 17, 2014 By
Derek Weeks
Bruce Mayhew on Open Source Review Boards

The recent FS-ISAC whitepaper, “Appropriate Software Security Control Types for Third Party Service and Product Providers”, reveals the majority of internal software applications created by financial services involve acquiring open source components and libraries to augment custom developed software. While open source code is freely available and reviewed by many independent developers, that review effort does not translate into all software components and libraries being free from risk.

Continue reading...

The Tipping Point: Human Speed vs. Machine Speed


March 5, 2014 By
Derek Weeks
Component Downloads

What can the financial services industry learn from the U.S. Department of Homeland Security? In this third segment of my blog series on open source component security as it relates to the recently updated Financial Services Information Sharing and Analysis Center (FS-ISAC) guidelines, I explore the need for speed: humans vs. machines.

Continue reading...

Secure From the Start: Combining Open Source Policies, Practice & Tools


February 26, 2014 By
Derek Weeks
Securing from the Start

In short, open source security can’t be an after thought. Security isn’t only the responsibility of ‘security professionals’ but instead a shared responsibility for all parties involved in developing or managing an organization’s software supply chain. Better put in the FS-ISAC guidelines…

Continue reading...

AppSec / DevOps Survey: 63% Concerned with Open Source


February 5, 2014 By
Derek Weeks
Devops Appsec

A sneak peek at interim results from the “Developers and Application Security: Who is Responsible?” 2014 survey are in, and there’s still time for you to participate. Here’s a little something for you to think about. Once upon a time, we used to develop our own software. But these days, we are developing 90% of […]

Continue reading...

Should DevOps Account for Continuous Trust of Production Applications?


January 9, 2014 By
Jessica Dodson
devops

To find previous blogs in this DevOps series, read: Part 1 – Agile, Component Development & DevOps – A Natural Match Part 2 – DevOps Success is Contingent on Shifting Left  Part 3 – DevOps Requires an Optimized Application Development Tool Chain Part 4 – Component Capable Release Management is Key to DevOps Part 5 […]

Continue reading...

Who Really Wrote Healthcare.gov?


December 23, 2013 By
Wayne Jackson
Healthcare.gov

Opening a Dialogue About Supply Chain Risk Management in a World Powered by Open Source Software. As Marc Andreessen famously observed, “software is eating the world”. The proliferation of software is, indeed, transformational – it is everywhere, in laptops, of course, but also in cars, planes, phones, pacemakers, insulin pumps, refrigerators, thermostats, you name it. […]

Continue reading...