Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    sales and data analytics
    How Data Analytics Improves Lead Management and Sales Results
    9 Min Read
    data analytics and truck accident claims
    How Data Analytics Reduces Truck Accidents and Speeds Up Claims
    7 Min Read
    predictive analytics for interior designers
    Interior Designers Boost Profits with Predictive Analytics
    8 Min Read
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
    big data and remote work
    Data Helps Speech-Language Pathologists Deliver Better Results
    6 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: Business Security Meets Open Source Code: Managing Software Vulnerabilities
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Security > Business Security Meets Open Source Code: Managing Software Vulnerabilities
ExclusiveSecuritySoftware

Business Security Meets Open Source Code: Managing Software Vulnerabilities

Larry Alton
Larry Alton
6 Min Read
Business Security Meets Open Source Code: Managing Software Vulnerabilities
SHARE

Years ago, when we talked about open source code, we were talking about something that was really only relevant to classic computer geeks – the ones running their computers on Unix and swapping bits of code on message boards. Times have changed, though, and now open source code is an integral part of how most businesses and just about anyone in the software world does their work. As Bart Copeland, CEO of the open source language tool company ActiveState explains, today’s companies have to use open source code to stay competitive. But while choosing open source code is important from a competitive perspective, that doesn’t mean it’s a simple or risk-free choice.

Contents
Predicting ProblemsDatabases For DevelopersAutomation Offers AdvantagesControl Your Code

One of the serious concerns with using open source code in business application development is that the majority of codebases contain at least some major vulnerabilities, and as soon as a company starts working with one of those codes, those vulnerabilities become their responsibility. That’s who customers will blame if there’s a data leak and, while hackers often seek to exploit specific vulnerabilities, they aren’t interested in the code qua code. They want a given business’s data. So, how should businesses handle this problem?

Faced with open source vulnerabilities, businesses need to take ownership over code vulnerabilities, but there are plenty of tools at their disposal. From predictive analytics to vulnerability databases, businesses already have access to everything they need.

Predicting Problems

When it comes to cybersecurity, one of the most powerful tools that businesses have at their disposal is predictive analytics, essentially machine learning capabilities that can detect likely threat actors, identify vulnerable targets, and quickly test new security fixes and defense strategies. These systems can be merged with more concrete security mechanisms beyond the code like Web Application Firewalls (WAFs) that monitor network traffic and protect the applications and data therein.

More Read

big data usage in SEO
3 Ways Big Data Is Bringing SEO Out of The Stone Age
The Evolution of today’s enterprise applications
Hadoop Summit and Hortonworks Promise to Make Big Data More Engaging
Big Data Leads to the Possibility of a Cashless Society
Steps Companies Should Take to Come Up Data Management Processes

Databases For Developers

On its own, open source code isn’t safer or more vulnerable that proprietary code. Rather, a major part of what makes open source code such a problem from a developer perspective is that so many people are using it and that means that when code launches with a major vulnerability, it could end up as part of a wide variety of applications. Luckily, because there are so many developers actively using and tweaking open source code, there are also databases specifically for cataloguing common vulnerabilities and exposures (CVEs).

Any time a developer works on an application, it’s critical that they check a vulnerability database to find out if there are any known vulnerabilities in a particular code component and, for those known vulnerabilities, whether there are available solutions. CVE databases use a standardized description method to identify each vulnerability and can connect developers with appropriate patches. Developers also need to regularly check these vulnerability databases, even after they’re done working on a program, to ensure new vulnerabilities haven’t been discovered.

Automation Offers Advantages

If developers are constantly checking their old code for vulnerabilities, how are they supposed to get anything done? That’s a legitimate question, but one with a ready solution – automation. Most vulnerability analysis really consists of automated scans, cross-checks, and updates designed to protect the overall system. Discovery tools manage the various assets at hand, simplify the process, and can actually halve the total time businesses use on vulnerability management procedures.

Control Your Code

Many of the most serious data breaches in recent years ultimately stemmed from vulnerabilities in open source code – take as an example the Equifax breach. Not only did the Equifax breach stem from a basic code vulnerability, but the bigger problem was that the company had left their code untended. The necessary patch had been available for about two months before the system was hacked. That was a few years ago, but little has changed. Many websites and companies are still operating with unpatched code or vulnerabilities that could easily be eliminated by skilled coders. If these companies don’t act fast, they could face similar blowback to what Equifax endured back in 2017.

Some companies are hoping that they can sidestep some of the vulnerability issues by using new security and cutting off hackers at the pass, but such approaches should be viewed as secondary to vulnerability management. The shift towards containers is one example of this. Yes, application containers abstract programs from their environment in a way that can protect them from certain security risks, but it doesn’t make sense to prioritize container use over patching. But containers plus Runtime Application Self-Protection (RASP) plus patching: now that’s substantive security.

Setting aside these many tools, whether a business is using proprietary or open source code, they need to take ownership over that information. Even code from a library is your code and any problems with it will come back to haunt your business, not anyone else – just ask Equifax. Their name is synonymous with data compromise, and it all could have been prevented with a patch.

Share This Article
Facebook Pinterest LinkedIn
Share
ByLarry Alton
Follow:
Larry is an independent business consultant specializing in tech, social media trends, business, and entrepreneurship. Follow him on Twitter and LinkedIn.

Follow us on Facebook

Latest News

sales and data analytics
How Data Analytics Improves Lead Management and Sales Results
Analytics Big Data Exclusive
ai in marketing
How AI and Smart Platforms Improve Email Marketing
Artificial Intelligence Exclusive Marketing
AI Document Verification for Legal Firms: Importance & Top Tools
AI Document Verification for Legal Firms: Importance & Top Tools
Artificial Intelligence Exclusive
AI supply chain
AI Tools Are Strengthening Global Supply Chains
Artificial Intelligence Exclusive

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

Start-up? You Should Start with a Big Data Mindset

3 Min Read

How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers

5 Min Read

The USA Is Building the World’s Fastest Supercomputer

5 Min Read
benefits of AI for fintech security
Fintech

Former SEC Boss Allison Lee Highlights AI’s Future in Fintech

11 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

AI and chatbots
Chatbots and SEO: How Can Chatbots Improve Your SEO Ranking?
Artificial Intelligence Chatbots Exclusive
data-driven web design
5 Great Tips for Using Data Analytics for Website UX
Big Data

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?