On the Frontline – Open Source Software Risk Management Solution

New Actionable Intelligence and Management Capabilities in Insignary Clarity™ 2.0 Make it a Compelling Frontline OSS Risk Management Solution

Cyber Defense Magazine expert Gary Miliefsky estimates that between 2018 and 2022, more than $1.5 trillion will be spent, cumulatively, on cyber security products and services. As a managed services provider (MSP), we look to help our clients harden the software and systems they use in order to operate each day. One of the most challenging to address is open source software.

More than 90% of the software in use and written today contains open source software (OSS) code. Part of that is due to good code reuse. If a software snippet, library or other component is very useful, it has the potential to be reused across a spectrum of software platforms, applications, middleware and firmware. The problem is that if a vulnerability resides in that piece of code – it can be in millions of places, and very hard to track down.

Another issue is that OSS is updated quite frequently; it can be cumbersome to keep track of updates to software libraries and components.

Perhaps the greatest risk is from third-party code that is procured as a finished product, or to be used within a product or platform. It is challenging to know exactly what open source code is in it, and to ensure that it has the latest bug fixes.

Of late, one of the best tools in our arsenal is a fingerprint-based binary code scanner.

With a fingerprint-based binary code scanner, we can determine what we call the software composition facts. With this tool, we can find out very quickly what a software platform, application, middleware or piece of firmware is comprised of, without having to have it reverse engineered and then scanned. It tells you the truth about the code our clients receive in binary format – which is the majority of it.

This has enabled us to more effectively manage open source software-related license and security risks. Once software is scanned, we can to go through and either patch known security vulnerabilities that have not been addressed in the code, develop workarounds that eliminate the security risks or have the software vendors address these issues.

However, the one area we have wanted the product to be more robust is in its reporting and management features.

Well, I am happy to share that Insignary has just launched Clarity 2.0. With it comes an improved user interface and a significant number of very useful reporting and management capabilities. Now, executives and managers can quickly determine, at a glance, the most critical OSS security and licensing issues and allocate their DevOps and security resources to most effectively address them.

Specifically, some of the new features include:

  • A Dashboard – It gives a summarized overview of OSS security vulnerability status and license compliance issues across all projects or by each project.
  • Setting Policies Executives and managers can set OSS usage and security policies for different projects and notifies managers if there are uses of open source components that may contain certain security vulnerabilities or license issues.
  • Scan Results Diff – Organizations can compare scan results side by side. And, before distributing updated versions of software, managers can focus on the newly identified license risks or security vulnerabilities since the last scan.
  • View Customization – Gives users a choice in how precisely they would like to view their scan results, as an overall summary or as minutely detailed information.
  • A Custom Database – Companies can distinguish between third-party OSS components and in-house, extended OSS projects.

As with any software security implementation we manage on behalf of our clients, we rely on a portfolio of products to improve our capabilities. With the new features that are now available in Clarity 2.0, we will have a very effective frontline OSS risk management solution.

About the Author

On the Frontline – Open Source Software Risk Management SolutionBill Cameron serves as a Principal at Warrenton Global Solutions; supporting cyber security initiatives and international business development.

Prior to joining WGS, Bill spent more than 26 years as a United States Naval Officer in national defense and security roles.

For more information, he can be reached at [email protected].

Subscribe to Cyber Defense Magazine

Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Subscribe

Related News

Protecting Government Data at The Intersection of Zero Trust and Open Source The Growing Risk in Cyber Risk Management Mitigate Risk by Securing Third Party Software and Environments Mitigate Risk by Securing Third Party Software And Environments Cyber Risk Management: The Right Approach Is a Business-Oriented Approach Applying the NIST Framework to Ransomware Risk Management
February 26, 2019

CyberDefenseMagazine Follow 24,016 54,487

Cyber Defense Magazine - The Premier Source for IT Security and Compliance Information. https://t.co/748STKH6k0.

cyberdefensemag

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

Show Me!
X