An Analysis of the Key Market Segments of Application Security for Open Source Software
Overview: This paper will examine four basic market segments of the emerging Application Security Space for Open Source Software (OSS). Included will be a discussion of available tools and strategies for maximizing safe use of OSS during the software development process so as to maintain a high degree of security in a company's critical software applications and products.
The requirement to create and maintain secure applications is a challenging one, requiring a detailed understanding of the software development process. In today's software development world, no trend has had a more widespread impact than the use of open source software. Applications built recently (in the last 5 years) are likely to be fifty percent or more comprised of open source software components when measured on a lines-of-code basis. Open source software is not inherently any more or less secure than other software, but it is more likely to be undocumented. That is, it may have been incorporated into a software application without a review process, and without formal documentation recording its use. Because of this, the normal processes of code review, static analysis, and patch updates may not take place, and vulnerabilities may go unaddressed. In addition to vulnerability issues, open source software greatly expands the requirement to address intellectual property infringement, since open source software components are licensed under a wide range of terms.
The widespread use of open source code, and the potential that it may be undocumented, has led to the need to address application security in a comprehensive fashion. This paper will address the range of tools available, and will introduce an important new strategy for leveraging open source software safely and securely during the software development process.
The rest of this paper addresses the spectrum of technologies that can form the basis of a comprehensive application security strategy for the use of open source software, while still delivering the benefits that open source software provides.