Top Links You Must Click On
From the Blogosphere
Java Deserialization: Running Faster Than a Bear | @CloudExpo #API #Java #Cloud
Improve your software supply chain security
By: Derek Weeks
Jun. 20, 2016 04:42 PM
Software components that were once good can sour instantly when new vulnerabilities are discovered within them. When that happens, the bears are coming, and you have to respond quickly.
Two men are walking through a forest. Suddenly, they see a bear off in the distance, running toward them. Adrenaline pumping, they start running away. But then one of them stops, takes some running shoes from his bag and starts putting them on.
"Frank, what are you doing?" says the other man. "Do you think you will run faster than the bear with those?"
"I don't need to run faster than the bear," Frank replies. "I just have to run faster than you."
This scenario repeats itself every time a new security vulnerability is discovered in a widely used open source component. Imagine the bear as your adversary. Rushing to attack when easy prey is present. Your response time is critical.
Sneakers on. Go!
Improve Your Software Supply Chain Security
To improve management of component vulnerabilities, consider these five steps, which mimic a number of the supply chain management concepts originated by quality guru W. Edwards Deming to improve quality, accelerate feedback loops, and increase efficiencies of manufacturing operations. The same approaches are being adopted by organizations improving their own operations through the adoption of Continuous Delivery and DevOps processes:
Create a software bill of materials for one application: Visibility into one application can help you understand your current component usage. A number of free and paid services are available to help you create a software bill of materials within a few minutes. The bill of materials will help you identify the unique component parts used within your application and the suppliers who contributed them. These reports list all components used, and several services also identify component age, popularity, version numbers, licenses, and known vulnerabilities.
Enterprise Open Source Magazine Latest Stories . . .
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week