As a product manager at WhiteSource, I see many customers who are facing different challenges with open source security. From the very basic issues, like knowing what they are actually using in terms of open source libraries, all the way to licensing and distribution, and of course, security. The greatest challenge, in my opinion, is being able to handle security in an efficient way, while making sure it doesn’t slow us down.
These days in development, fast delivery is the secret. Over the past decade, companies that were born online have revolutionized how technology infrastructure is built and maintained, and how software applications are developed and deployed. However, it sometimes looks like processes, such as security, are just going to slow us down while we try to deliver features, or value, to our customers.
Developers rate security as their top concern when dealing with open source components, above integration and functionality. Moreover, a developer will invest an average of 15 hours a month dealing with open source security vulnerabilities. However, most of this time is actually invested in prioritization, research for the best fix, and understanding the vulnerability itself.
One of our missions here in WhiteSource’s product team is to prove that you can have a secure pipeline and code, without slowing down the development process. That’s why we’ve been busy expanding our developer-focused integrations, to provide developers with the open source security tools that they need within their native environments. Our latest technology for developers is our new integration with Atlassian Bitbucket.
Shifting Open Source Security Left with Bitbucket Server
Shifting left is an approach where we move application quality and security processes closer to the developer (or to the “left” of the delivery chain) so that (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Shiri Ivtsan. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/security-that-doesn-t-slow-you-down