We’re very close to 1,000 CVE entries in the National Vulnerability Database. The NVD CVE report has nearly doubled for February with 650 vulnerability entries . Black Duck is noted as the leader in a new Wave report from Forrester Research. Why it’s a good idea to monitor app code to keep containers secure. What happens when open source meets the enterprise? A look at the changing face of open source licensing . Do 80 percent of web applications really contain security bugs?
All this and more in this week’s edition of Open Source Insight.
Open Source Security Provider Black Duck is the “Leader” in Independent Research Firm’s Assessment of Software Composition Analysis Providers
Black Duck is the only company in the “leader” category in the recentlyreleased: The Forrester Wave: Software Composition Analysis, Q1 2017 .
Software composition analysis (SCA) tools provide valuable data to security pros, legal pros, and app developers by identifying software vulnerabilities and exposing licenses for open source components. A comprehensive evaluation of “the six (SCA) providers that matter most and how they stack up,” the Forrester report assesses the current state of the software composition analysis market and provides in-depth analysis of the six providers.
Black Duck: To Keep Containers Secure, Monitor Your App Code, TooThe key to keeping containers secure is to think about the software running inside them, not just the software that hosts them. That’s the message Black Duck Software is aiming to send as adoption of container software increases .
In a discussion with Container Journal about container security, Black Duck said that “increasing container security means increasing the security of the applications deployed in containers.”
The company added, “Secure container frameworks are also obviously critical, but when those frameworks know nothing about the applications they encapsulate, they can’t possibly prevent well-crafted application attacks.”
When Open Source Meets the EnterpriseVia IT Business Edge : It seems that few organizations will need to convert all of their proprietary technology to open source, but open source will be desirable when it comes to supporting applications and services that are distributed across multi-platform cloud infrastructure. The biggest challenge of all will be to get these two constructs to work together.
The Changing Face of Open Source Licensing
Via DevPro : The GPL is the grandaddy of open source licenses, and is not only the license used by linux, but is the license that gave birth to the open source movement. It was designed with the purpose of giving computer users control of their machines, guaranteeing that software would be freely available and modifiable by users. It has served that purpose well. It is also the backbone upon which enterprise adoption of open source is based, and being compatible with the GPL is considered to be a requirement for all open source licenses.
80% Of Web Applications Contain at Least One Security BugA new study on Web application vulnerabilities by security software firm Contrast Security shows that sensitive data exposure affects 69% of these applications and is responsible for 26% of all vulnerabilities, reports DarkReading . Some 80% of applications contain at least one flaw, with an average of 45 vulnerabilities per application: 55% are affected by cross-site request forgery and 37% suffered from security misconfiguration.