Getting Visibility Into Open Source Components

Panelists Discuss Challenges for Developers Using Open Source Code
Many applications are built from open source components, which makes it hard to pinpoint where security issues originate. How can organizations gain better visibility into those risks?
In an in-depth video discussion, Michelle Dufty of Sonatype and Reuben Athaide of Standard Chartered Bank address the critical issues associated with using open source code and share the solutions that can be applied to help ensure security.
“The key thing for developers is that security should not slow them down,” Dufty says. “If you are going to shift security left, security tools have to work the way developers expect them to work. It has to be easy to use. It has to fit in the DevOps tool.”
Athaide shares his experience of the benefits of an open source policy.
“Earlier, before going live in production, developers would raise a ticket for the security team to run an application security test. However, this resulted in project delays,” Athaide says. “Now, having a central CI/CD pipeline with application security integrated into the testing has helped us reduce cycle time overall and reduce waste in the SDLC.”
In this video panel discussion, the panelists also discuss:
- Challenges for developers in getting open source visibility;
- How best to develop an open source policy;
- What solutions can be deployed without slowing down the process for developers.
Dufty is senior vice president for marketing at Sonatype, where she brings solutions to market that unite development, security and operations teams to accelerate software innovation while minimizing open source risk. She has more than 20 years of experience helping organizations leverage software technologies and services to better compete and serve their mission.
Athaide is head of cloud customer engagement at Standard Chartered Bank based out of Singapore. He built a DevOps platform by implementing an agile development approach with a high-caliber team to change the culture as well as raise the bar on engineering capability across the bank.