Open source security: Securing the world's code, together – ETCIO.com

By Maneesh Sharma

Open source is pervasive across the software universe. Almost every organization that uses software to drive digital transformation or business agility is consuming open source in some way; today, 99% of all software projects incorporate open source components. Organizations whose software stack is built on open source have been able to pivot and recalibrate quickly to meet the demands of the current environment because of the agility that open source offers.

As the adoption of open source components increases, so do the security risks for both developers and security teams. For organizations on a digital transformation journey, security must be a top priority. With so much of their code being created and consumed collaboratively, the need to ensure security is even more critical for them. The average software project depends on over 200 other components, and a vulnerability in any one of them is inherited by everything built on top of it. Therefore, a safe and healthy open source community isn't just good for open source software; it also benefits the millions of businesses that depend on it.

A key aspect of making security a collective responsibility is empowering developers to check for vulnerabilities continually as part of development and testing, rather than only at release time. This approach is known as shifting left. By shifting security left, developers uncover and fix vulnerabilities early in the software development lifecycle, so they are rooted out before the code is deployed to production, when fixes are cheapest and no user has yet been exposed. The practical condition is that the checks run automatically on every change (for example, in continuous integration on every pull request); a scanner that developers must remember to run by hand is a scanner that gets skipped.

Open source is fundamentally more securable than proprietary code because of the collaborative way in which it is built: more experts are involved in identifying and remedying security issues in the code. Securable is the operative word, though; the extra eyes only help when someone is actually looking. Security research is a specialist skill, and the demand for researchers far outweighs the supply, so much so that security researchers are on average outnumbered 500:1 by developers. This is where the community can help, by rapidly identifying and responsibly disclosing vulnerabilities in code.

Open source development platforms are evolving quickly to support this collaborative approach to building secure code and to provide tooling that extends security research capacity. From automating detection and remediation to tracking emerging vulnerabilities as they are disclosed, these platforms focus on helping developers identify threats and fix vulnerabilities before code enters production.
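To make the shift-left idea above concrete, here is an added example (not code from the article, GitHub, or any real project) of the kind of dependency audit that runs in continuous integration: it parses a lock file of pinned versions, matches each pin against an advisory feed, and fails the build when a dependency falls inside an affected version range or is not pinned at all (a floating version cannot be audited). The lock file, package names and advisory identifiers (`ADV-EXAMPLE-*`) are all constructed for illustration; in a real pipeline the `ADVISORIES` table would be replaced by a query against a live advisory database.

```python
"""Constructed shift-left dependency audit: pinned versions vs. an advisory feed."""
import re
import sys
from typing import Dict, List, Tuple

# Constructed lock file in requirements.txt pin format (not a real project).
LOCKFILE = """\
# generated by an imaginary resolver
Example-Parser==1.4.2
netkit[tls]==0.9.0
tinyjson==2.0.1
logfmt==3.1.0 ; python_version >= "3.8"
unpinned-lib>=1.0
"""

# Constructed advisory feed: normalized package name -> list of
# (affected version range, advisory id). Names and ids are made up.
ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "example-parser": [("<1.5.0", "ADV-EXAMPLE-001")],
    "netkit": [(">=0.8.0,<0.9.3", "ADV-EXAMPLE-002")],
    "tinyjson": [("<1.9.0", "ADV-EXAMPLE-003")],  # 2.0.1 is outside this range
}

# Exact pin: "name[extras]==version", anything after the version is ignored.
PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([0-9][0-9A-Za-z.]*)"
)

OPS = {
    "<": lambda c: c < 0, "<=": lambda c: c <= 0,
    ">": lambda c: c > 0, ">=": lambda c: c >= 0,
    "==": lambda c: c == 0, "!=": lambda c: c != 0,
}


def normalize(name: str) -> str:
    """PEP 503 style name normalization so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text: str) -> Tuple[int, ...]:
    """Numeric dotted versions only; a trailing suffix such as 'rc1' is dropped."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def cmp_versions(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Compare with zero padding so that 1.9 == 1.9.0."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def in_range(version: str, spec: str) -> bool:
    """True if version satisfies every comma-separated comparator in spec."""
    v = parse_version(version)
    for clause in spec.split(","):
        clause = clause.strip()
        m = re.match(r"(<=|>=|==|!=|<|>)\s*([0-9][0-9A-Za-z.]*)$", clause)
        if not m:
            raise ValueError(f"bad range clause: {clause!r}")
        op, bound = m.groups()
        if not OPS[op](cmp_versions(v, parse_version(bound))):
            return False
    return True


def parse_lockfile(text: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (exact pins as (name, version), lines that are not exact pins)."""
    pins, unpinned = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = PIN_RE.match(line)
        if m:
            pins.append((normalize(m.group(1)), m.group(2)))
        else:
            unpinned.append(line)
    return pins, unpinned


def audit(text: str, advisories=ADVISORIES) -> Tuple[List[Tuple[str, str, str]], List[str]]:
    """Match every pin against the feed; return (findings, unpinned lines)."""
    pins, unpinned = parse_lockfile(text)
    findings = []
    for name, version in pins:
        for spec, adv_id in advisories.get(name, []):
            if in_range(version, spec):
                findings.append((name, version, adv_id))
    return findings, unpinned


def main() -> int:
    """CI entry point: non-zero exit blocks the merge."""
    findings, unpinned = audit(LOCKFILE)
    for name, version, adv_id in findings:
        print(f"VULNERABLE {name}=={version} matches {adv_id}")
    for line in unpinned:
        print(f"UNPINNED   {line}  (floating version cannot be audited)")
    return 1 if findings or unpinned else 0


if __name__ == "__main__":
    sys.exit(main())
```

Two design points matter in practice: package names are normalized before lookup, because advisory feeds and lock files disagree on case and separators, and an unpinned dependency is reported as its own failure rather than silently skipped, since a build that resolves a different version tomorrow cannot be said to have passed an audit today.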

Many forward-thinking enterprises are turning to open source to innovate at speed. The open source promise is one in which security is an inextricable part of the entire product lifecycle rather than something handled in isolation. In turn, businesses that use and build with open source must not only encourage secure practices across the development lifecycle but should also commit resources back to the wider open source community, so that we can create a more secure digital world that benefits everyone.

The author is Country Manager, GitHub India
