SlideShare a Scribd company logo

Compliance in the 2016 Future of Open Source

Black Duck by Synopsys, profile picture
Black Duck by Synopsys

Black Duck Software provides solutions for automating the security and management of open source software to mitigate vulnerabilities and compliance risks. A survey in 2016 revealed that many organizations lack formal policies for evaluating open source code, with significant challenges in compliance and enforcement. Numerous industry collaborators, including major tech companies and organizations, support the advancement of open source practices.

Technology
1 of 1
Download to read offline
Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, open source license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com Future of Open Source Survey 2016 COMPLIANCE SPOTLIGHT said there is no formal policy for selecting & approving open source code of respondents who have policies don’t enforce them or allow them to be bypassed have no list of approved open source licenses never evaluate their code quality 30%of respondents aren’t very successful at complying with associated licenses OVER NEARLY NEARLY NEARLY 50% 50% are not successfully providing information about licenses, security issues & software versions NEARLY 60% 60% 90% Compliance is Erratic Code Reviews Are Rare Existing Policies Rarely Enforced Future of Open Source 2016 collaborators: Abilian, Acquia, Ant Systems, Appnovation, Appsembler, Ardent Technologies, Inc., Bareos GmbH & Co. KG, Black Duck Software, Capital One, Chamilo, Chef, CloudFoundry Corp, Confer, Coolan, Couchbase, Credativ, DEIS/Engineyard, Eclipse Foundation, EnterpriseDB, Evolveum, Grid Protection Alliance, Hewlett Packard, InfoSys, JFrog, Linux Foundation, Linux Professional Institute, MARSEC, Microsoft, MassTLC, Miracl, nexB, NGINX, North Bridge, Open Source Business (OSB) Alliance, Open Source EHR Alliance, Open Source Initiative (OSI), OpenClinic, Open-Xchange, Opmantek, OpusVL, Pentaho, Ravel Law, Red Hat, Rift-io, SDH Institute, Tecnisys, The Apache Software Foundation, The Document Foundation, Ubuntu, Univention, VoltDB, Wikibon, WIPRO and WP Engine. *platinum collaborators are in bold Growing Opportunity for Policies & Procedures

More Related Content

PDF
Understanding Open Source
Jody Garnett
 
PPTX
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
Derrick Hunter
 
PDF
Penetration testing tools and phases
TestingXperts
 
PDF
The Log4Shell Vulnerability – explained: how to stay secure
Kaspersky
 
PDF
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
Casey Ellis
 
PPTX
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
EndgameInc
 
PDF
we45 - Web Application Security Testing Case Study
we45
 
PDF
10 Tips to Keep Your Software a Step Ahead of the Hackers
Checkmarx
 
Understanding Open Source
Jody Garnett
 
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
Derrick Hunter
 
Penetration testing tools and phases
TestingXperts
 
The Log4Shell Vulnerability – explained: how to stay secure
Kaspersky
 
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
Casey Ellis
 
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
EndgameInc
 
we45 - Web Application Security Testing Case Study
we45
 
10 Tips to Keep Your Software a Step Ahead of the Hackers
Checkmarx
 

What's hot (20)

PDF
SFScon 2020 - Ivan Pashchenko - Learning from Developers How to Make Dependen...
South Tyrol Free Software Conference
 
PPTX
Security misconfiguration
Micho Hayek
 
PPTX
Cyber Security and Open Source
POSSCON
 
PDF
Client-Side Penetration Testing Presentation
Chris Gates
 
PPTX
Security testing fundamentals
Cygnet Infotech
 
PDF
Web Application Security Testing Tools
Eric Lai
 
PPTX
Building your Open Source Security stack
Héctor Eryx Paredes Camacho
 
PPTX
Machine Learning for Malware Classification and Clustering
Ashwini Almad
 
PPTX
Intro to Network Vapt
Apurv Singh Gautam
 
PDF
Malware Detection - A Machine Learning Perspective
Chong-Kuan Chen
 
PDF
Secure Coding and Threat Modeling
Miriam Celi, CISSP, GISP, MSCS, MBA
 
PDF
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
PDF
Sast 2021
Felix Dobslaw
 
PPTX
Gubarevich Peter - 11-Feb-2016 - Show IT 2016 @Bratislava
Peter Gubarevich
 
PPTX
7 Reasons Your Applications are Attractive to Adversaries
Derek E. Weeks
 
PPTX
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
PDF
The State of Open Source Security
DevOps.com
 
PPTX
MobileTechTalk - Android application troubleshooting
GlobalLogic Ukraine
 
PPT
Mobile application security and threat modeling
Shantanu Mitra
 
PPTX
Application Whitelisting - Complementing Threat centric with Trust centric se...
Osama Salah
 
SFScon 2020 - Ivan Pashchenko - Learning from Developers How to Make Dependen...
South Tyrol Free Software Conference
 
Security misconfiguration
Micho Hayek
 
Cyber Security and Open Source
POSSCON
 
Client-Side Penetration Testing Presentation
Chris Gates
 
Security testing fundamentals
Cygnet Infotech
 
Web Application Security Testing Tools
Eric Lai
 
Building your Open Source Security stack
Héctor Eryx Paredes Camacho
 
Machine Learning for Malware Classification and Clustering
Ashwini Almad
 
Intro to Network Vapt
Apurv Singh Gautam
 
Malware Detection - A Machine Learning Perspective
Chong-Kuan Chen
 
Secure Coding and Threat Modeling
Miriam Celi, CISSP, GISP, MSCS, MBA
 
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
Sast 2021
Felix Dobslaw
 
Gubarevich Peter - 11-Feb-2016 - Show IT 2016 @Bratislava
Peter Gubarevich
 
7 Reasons Your Applications are Attractive to Adversaries
Derek E. Weeks
 
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
The State of Open Source Security
DevOps.com
 
MobileTechTalk - Android application troubleshooting
GlobalLogic Ukraine
 
Mobile application security and threat modeling
Shantanu Mitra
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Osama Salah
 
Ad

Viewers also liked (20)

PDF
Integrating Black Duck into Your Environment with Hub APIs
Black Duck by Synopsys
 
PDF
Integrating Black Duck into your Agile DevOps Environment
Black Duck by Synopsys
 
PPT
BlackDuck Suite
jeff cheng
 
PDF
Collaborative Development the Gift That Keeps on Giving
Black Duck by Synopsys
 
PPTX
What's it like to work at Black Duck
Black Duck by Synopsys
 
PDF
Myths and Misperceptions of Open Source Security
Black Duck by Synopsys
 
PDF
Secure Application Development in the Age of Continuous Delivery
Black Duck by Synopsys
 
PDF
Customer Case Study: ScienceLogic - Many Paths to Compliance
Black Duck by Synopsys
 
PDF
Practical Steps to Scale Legal Support for Open Source
Black Duck by Synopsys
 
PDF
Making the Transition from Suite to the Hub
Black Duck by Synopsys
 
PDF
Containers for Lawyers Richard Fontana
Black Duck by Synopsys
 
PPTX
Litigation and Compliance in the Open Source Ecosystem
Black Duck by Synopsys
 
PPTX
Contain your risk: Deploy secure containers with trust and confidence
Black Duck by Synopsys
 
PDF
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Black Duck by Synopsys
 
PDF
Don't Let Open Source be the Deal Breaker In Your M&A
Black Duck by Synopsys
 
PDF
PCI and Vulnerability Assessments - What’s Missing
Black Duck by Synopsys
 
PPTX
Managing Open Source in Application Security and Software Development Lifecycle
Black Duck by Synopsys
 
PDF
Securing Docker Containers
Black Duck by Synopsys
 
PDF
Open Source in Application Security
Black Duck by Synopsys
 
PDF
The 4 Levels of Open Source Risk Management
Black Duck by Synopsys
 
Integrating Black Duck into Your Environment with Hub APIs
Black Duck by Synopsys
 
Integrating Black Duck into your Agile DevOps Environment
Black Duck by Synopsys
 
BlackDuck Suite
jeff cheng
 
Collaborative Development the Gift That Keeps on Giving
Black Duck by Synopsys
 
What's it like to work at Black Duck
Black Duck by Synopsys
 
Myths and Misperceptions of Open Source Security
Black Duck by Synopsys
 
Secure Application Development in the Age of Continuous Delivery
Black Duck by Synopsys
 
Customer Case Study: ScienceLogic - Many Paths to Compliance
Black Duck by Synopsys
 
Practical Steps to Scale Legal Support for Open Source
Black Duck by Synopsys
 
Making the Transition from Suite to the Hub
Black Duck by Synopsys
 
Containers for Lawyers Richard Fontana
Black Duck by Synopsys
 
Litigation and Compliance in the Open Source Ecosystem
Black Duck by Synopsys
 
Contain your risk: Deploy secure containers with trust and confidence
Black Duck by Synopsys
 
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Black Duck by Synopsys
 
Don't Let Open Source be the Deal Breaker In Your M&A
Black Duck by Synopsys
 
PCI and Vulnerability Assessments - What’s Missing
Black Duck by Synopsys
 
Managing Open Source in Application Security and Software Development Lifecycle
Black Duck by Synopsys
 
Securing Docker Containers
Black Duck by Synopsys
 
Open Source in Application Security
Black Duck by Synopsys
 
The 4 Levels of Open Source Risk Management
Black Duck by Synopsys
 
Ad

Similar to Compliance in the 2016 Future of Open Source (20)

PDF
Open Source 360° Survey Key Takeaways
Black Duck by Synopsys
 
PPTX
Open Source 360 Survey Results
Tim Mackey
 
PPTX
Welcome & The State of Open Source Security
Jerika Phelps
 
PDF
The AppSec Path to Enlightenment
Black Duck by Synopsys
 
PDF
Aliens in Your Apps!
All Things Open
 
PDF
14 Tips to Choose the Right Open Source Test Automation Tool.pdf
Steve Wortham
 
PPTX
Software Security Assurance for DevOps
Black Duck by Synopsys
 
PPTX
Software Security Assurance for Devops
Jerika Phelps
 
PDF
Driving Risks Out of Embedded Automotive Software
Parasoft
 
PPTX
Live 2014 Survey Results: Open Source Development and Application Security Su...
Sonatype
 
PPTX
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Sonatype
 
PDF
Sonatype's 2013 OSS Software Survey
Sonatype
 
PPTX
Rana Khalil – Securing Open Source Dependencies
C3SA Cyber Security Audit
 
PDF
(In)security in Open Source
Shane Coughlan
 
PDF
You Can’t Live Without Open Source - Results from the Open Source 360 Survey
Black Duck by Synopsys
 
PPTX
Shifting the conversation from active interception to proactive neutralization
Rogue Wave Software
 
PDF
Implementing and Managing Open Source Compliance Programs - A Crash Course
Open Source Strategy Forum
 
PDF
Implementing and Managing an Open Source Compliance Program: A Crash Course
FINOS
 
PPTX
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
WhiteSource
 
PPTX
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
WhiteSource
 
Open Source 360° Survey Key Takeaways
Black Duck by Synopsys
 
Open Source 360 Survey Results
Tim Mackey
 
Welcome & The State of Open Source Security
Jerika Phelps
 
The AppSec Path to Enlightenment
Black Duck by Synopsys
 
Aliens in Your Apps!
All Things Open
 
14 Tips to Choose the Right Open Source Test Automation Tool.pdf
Steve Wortham
 
Software Security Assurance for DevOps
Black Duck by Synopsys
 
Software Security Assurance for Devops
Jerika Phelps
 
Driving Risks Out of Embedded Automotive Software
Parasoft
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Sonatype
 
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Sonatype
 
Sonatype's 2013 OSS Software Survey
Sonatype
 
Rana Khalil – Securing Open Source Dependencies
C3SA Cyber Security Audit
 
(In)security in Open Source
Shane Coughlan
 
You Can’t Live Without Open Source - Results from the Open Source 360 Survey
Black Duck by Synopsys
 
Shifting the conversation from active interception to proactive neutralization
Rogue Wave Software
 
Implementing and Managing Open Source Compliance Programs - A Crash Course
Open Source Strategy Forum
 
Implementing and Managing an Open Source Compliance Program: A Crash Course
FINOS
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
WhiteSource
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
WhiteSource
 

More from Black Duck by Synopsys (20)

PDF
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
Black Duck by Synopsys
 
PDF
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
Black Duck by Synopsys
 
PDF
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
Black Duck by Synopsys
 
PDF
FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...
Black Duck by Synopsys
 
PDF
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
Black Duck by Synopsys
 
PDF
Open-Source- Sicherheits- und Risikoanalyse 2018
Black Duck by Synopsys
 
PDF
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
Black Duck by Synopsys
 
PDF
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
Black Duck by Synopsys
 
PDF
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal
Black Duck by Synopsys
 
PDF
FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...
Black Duck by Synopsys
 
PPT
FLIGHT Amsterdam Presentation - From Protex to Hub
Black Duck by Synopsys
 
PPTX
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Black Duck by Synopsys
 
PPTX
Open Source Insight: GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...
Black Duck by Synopsys
 
PDF
Open Source Rookies and Community
Black Duck by Synopsys
 
PPTX
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Black Duck by Synopsys
 
PPTX
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...
Black Duck by Synopsys
 
PPTX
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...
Black Duck by Synopsys
 
PPTX
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...
Black Duck by Synopsys
 
PPTX
Open Source Insight: Happy Birthday Open Source and Application Security for ...
Black Duck by Synopsys
 
PPTX
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
Black Duck by Synopsys
 
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
Black Duck by Synopsys
 
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
Black Duck by Synopsys
 
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
Black Duck by Synopsys
 
FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...
Black Duck by Synopsys
 
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
Black Duck by Synopsys
 
Open-Source- Sicherheits- und Risikoanalyse 2018
Black Duck by Synopsys
 
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
Black Duck by Synopsys
 
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
Black Duck by Synopsys
 
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal
Black Duck by Synopsys
 
FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...
Black Duck by Synopsys
 
FLIGHT Amsterdam Presentation - From Protex to Hub
Black Duck by Synopsys
 
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Black Duck by Synopsys
 
Open Source Insight: GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...
Black Duck by Synopsys
 
Open Source Rookies and Community
Black Duck by Synopsys
 
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Black Duck by Synopsys
 
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...
Black Duck by Synopsys
 
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...
Black Duck by Synopsys
 
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...
Black Duck by Synopsys
 
Open Source Insight: Happy Birthday Open Source and Application Security for ...
Black Duck by Synopsys
 
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
Black Duck by Synopsys
 

Recently uploaded (20)

DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Advanced IT Governance
University of Hertfordshire
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Advanced IT Governance
University of Hertfordshire
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 

Compliance in the 2016 Future of Open Source

  • 1. Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, open source license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com Future of Open Source Survey 2016 COMPLIANCE SPOTLIGHT said there is no formal policy for selecting & approving open source code of respondents who have policies don’t enforce them or allow them to be bypassed have no list of approved open source licenses never evaluate their code quality 30%of respondents aren’t very successful at complying with associated licenses OVER NEARLY NEARLY NEARLY 50% 50% are not successfully providing information about licenses, security issues & software versions NEARLY 60% 60% 90% Compliance is Erratic Code Reviews Are Rare Existing Policies Rarely Enforced Future of Open Source 2016 collaborators: Abilian, Acquia, Ant Systems, Appnovation, Appsembler, Ardent Technologies, Inc., Bareos GmbH & Co. KG, Black Duck Software, Capital One, Chamilo, Chef, CloudFoundry Corp, Confer, Coolan, Couchbase, Credativ, DEIS/Engineyard, Eclipse Foundation, EnterpriseDB, Evolveum, Grid Protection Alliance, Hewlett Packard, InfoSys, JFrog, Linux Foundation, Linux Professional Institute, MARSEC, Microsoft, MassTLC, Miracl, nexB, NGINX, North Bridge, Open Source Business (OSB) Alliance, Open Source EHR Alliance, Open Source Initiative (OSI), OpenClinic, Open-Xchange, Opmantek, OpusVL, Pentaho, Ravel Law, Red Hat, Rift-io, SDH Institute, Tecnisys, The Apache Software Foundation, The Document Foundation, Ubuntu, Univention, VoltDB, Wikibon, WIPRO and WP Engine. *platinum collaborators are in bold Growing Opportunity for Policies & Procedures