After Equifax Breach, Companies Advised to Review Open-Source Software Code; There are a number of reasons why companies don't move quickly to install fixes for their open-source vulnerabilities, including pressure to get products to market quickly.

Bibliographic Details
Published in: WSJ Pro. Cyber Security (Sep 20, 2017), p. n/a
Main Author: DiPietro, Ben
Published: Dow Jones & Company Inc.
Description
Summary: At a time when high-powered automated trading systems can execute stock sales in real time, some companies that rely on open-source software to help to run their businesses track their open-source use on spreadsheets on paper. Lou Shipley, chief executive of Black Duck Software, which sells products to manage and protect open-source software, says the most effective way for companies to understand what is in their open-source software and how to better control it is to use automated processes that scan applications for open-source code, create an inventory of open-source components and check those components against what is in open-source vulnerability databases. Another reason is, unlike software from companies such as Microsoft, Oracle or SAP SE that send notices of when new patches and fixes are available, there are no notices sent with open-source software updates, he said.
Source: ABI/INFORM Trade & Industry