After Equifax Breach, Companies Advised to Review Open-Source Software Code; There are a number of reasons why companies don't move quickly to install fixes for their open-source vulnerabilities, including pressure to get products to market quickly.

Bibliographic Details
Published in: WSJ Pro. Cyber Security (Sep 20, 2017), p. n/a
Main author: DiPietro, Ben
Published:
Dow Jones & Company Inc.
Description
Abstract: At a time when high-powered automated trading systems can execute stock sales in real time, some companies that rely on open-source software to help to run their businesses track their open-source use on spreadsheets on paper. Lou Shipley, chief executive of Black Duck Software, which sells products to manage and protect open-source software, says the most effective way for companies to understand what is in their open-source software and how to better control it is to use automated processes that scan applications for open-source code, create an inventory of open-source components and check those components against what is in open-source vulnerability databases. Another reason is, unlike software from companies such as Microsoft, Oracle or SAP SE that send notices of when new patches and fixes are available, there are no notices sent with open-source software updates, he said.
Source: ABI/INFORM Trade & Industry