How do you maintain strong governance and security measures when integrating open source software into your tech stack?
IT Manager in Transportation, 10,001+ employees
Relay on Best Practice for opensource software like auto updates for example. Director of Engineering in Finance (non-banking), Self-employed
opensource product and libs are used by everyone including commercial vendors so it can't be avoided. Have a policy and plan. At minimum include roadmap, periodic updates, vulnerability scanners and license review.Senior Engineering Manager in Finance (non-banking), 5,001 - 10,000 employees
There are frequent security scans in all the source code.There are tools like blackduck which can scan with each and every commit. It tracks all open source vulnerabilities and helps in resolving them.
Content you might like
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.Fraud mitigation20%
Protection of reputation and brand56%
Protection of consumer data18%
Regulatory or compliance requirements7%
167 PARTICIPANTS
ISSO and Director of the IRU in Healthcare and Biotech, 10,001+ employees
I would definitely suggest this based of how you categorize your types of data/systems and information being stored in certain parts of your data center. I think it’s really dependent on the size of your organization and ...read moreVery confident, it is comprehensive and effective34%
Somewhat confident, it covers the basics but could be improved44%
Not very confident, it needs significant improvements19%
My organization does not have a security awareness training program.2%
193 PARTICIPANTS
For example, if architects want to swap from one database to another database, it would be brought to the Change Advisory Board and would be allowed to move forward if the ARB says yes.