Monday, March 8, 2021
  • Keep Your Eye on the Camera
  • The Humanity and Evolution of Cyber
  • Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 319’
  • BSides Calgary 2020 -Scott Taylor’s ‘Exploring Common Hacking Techniques’
  • BSides Calgary 2020 – Rick Kaun’s ‘Think Global, Act Local In OT Security’

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Application Security Careers DevOps Security Awareness Security Bloggers Network 

Home » Cybersecurity » Application Security » Things You Need to Know About Open Source – The FAQ Edition

Things You Need to Know About Open Source – The FAQ Edition

by Lamar Bailey on May 19, 2019

Open Source projects can be a great asset, or they can be a curse. It is all in how you manage it. To be successful in using open source, there are several things to keep in mind, from licensing to updates. And if you ignore any of them, it can cause problems. Here are some things to consider:

What is the license?

There are a range of license options for an open source project, and components can range from free to use everywhere to very restrictive. It is important to have someone who is familiar with license types and who can set some guidelines on what is okay to use and what needs review. For example, are you okay with publishing changes or new code publicly because you used an open source component? https://opensource.org/licenses is a good resource to review common license types.

Can’t hackers read the code and find vulnerabilities?

Absolutely, but you can do the same thing. Every Open Source component you decide to integrate into your products should be thoroughly reviewed for any security issues. There are tools that can scan the code, or you can use employee pretesting teams if you do not have the expertise in house.

Are open source projects secure?

This all depends on the project. The first step I take in this area is to do a web search for any known vulnerabilities for the project. Next, I search the code check-ins and comments for the mention of security, vuln, vulnerability, etc. Even if these come up empty I still have a full audit done on the code for any undocumented issues. Checking other projects that the developers work on is a good idea, too. If the other code is full is issues, maybe no one has reported issues in this (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lamar Bailey. Read the original post at: https://www.tripwire.com/state-of-security/security-awareness/open-source-faqs/

May 19, 2019May 19, 2019 Lamar Bailey FAQs, open source, Security Awareness
  • ← States Explore Opportunities at National Summit on Cybersecurity
  • Critical WhatsApp Vulnerability, Facial Recognition Ban, Wormable Flaw in Windows →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Chinese Exchange Hack: At Best, Microsoft is Incompetent
Breach Clarity Data Breach Report: Week of March 1
A Close Call Prompts Security Reassessment
Okta Acquisition of Auth0 Signals DevSecOps Shift Left
Zero-Trust in a Trusting World
Why Less Can Be More When It Comes to Cybersecurity
Three Top Russian Cybercrime Forums Hacked
Akamai Identified as a Leader in DDoS Mitigation by Forrester
The State of K-12 Cybersecurity Education
Active/Active Multi-Region Systems on Steroids With Serverless

Upcoming Webinars

Tue 09

Zero Trust Journey – A Security Leader’s Story

March 9 @ 11:00 am - 12:00 pm
Mon 15

Don’t Get Attached to Your Attachment!

March 15 @ 9:00 am - 10:00 am
Mon 15

Managing Security in a Decentralized World

March 15 @ 1:00 pm - 2:00 pm
Wed 17

API Security: Everything You Need to Know To Protect Your APIs

March 17 @ 1:00 pm - 2:00 pm
Mon 22

The Main Application Security Technologies to Adopt in 2021

March 22 @ 1:00 pm - 2:00 pm
Tue 30

Application Security in the Rapid Digital Transformation Age

March 30 @ 1:00 pm - 2:00 pm
Wed 31

The Anatomy of an Account Takeover Attack

March 31 @ 3:00 pm - 4:00 pm
Apr 01

Pharma Drama: An Interactive Crisis Simulation of an Insider Threat

April 1 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Decentralizing Cloud Security Management
Cloud Security Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Awareness Security Boulevard (Original) 

Decentralizing Cloud Security Management

March 5, 2021 Michael Salleo | 2 days ago 0
A Close Call Prompts Security Reassessment
Application Security Cybersecurity Data Security Industry Spotlight Malware Security Boulevard (Original) 

A Close Call Prompts Security Reassessment

March 4, 2021 Rui Ribeiro | 3 days ago 0
Breach Clarity Data Breach Report: Week of March 1
Cybersecurity Industry Spotlight Security Boulevard (Original) Threats & Breaches Vulnerabilities 

Breach Clarity Data Breach Report: Week of March 1

March 3, 2021 Kyle Marchini | 4 days ago 0

Top Stories

Chinese Exchange Hack: At Best, Microsoft is Incompetent
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security Featured Identity & Access Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Chinese Exchange Hack: At Best, Microsoft is Incompetent

March 4, 2021 Richi Jennings | 3 days ago 0
Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it

March 2, 2021 Richi Jennings | Mar 02 0
‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security DevOps Featured Identity & Access Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It

February 26, 2021 Richi Jennings | Feb 26 0

Security Humor

via   the respected information security capabilities of   Robert M. Lee     & the superlative illustration talents of   Jeff Haas   at   Little Bobby Comics

Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 319’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.