After Equifax Breach, Companies Advised to Review Open-Source Software Code; There are a number of reasons why companies don't move quickly to install fixes for their open-source vulnerabilities, including pressure to get products to market quickly.
| Published in: | WSJ Pro. Cyber Security (Sep 20, 2017), p. n/a |
|---|---|
| Main Author: | |
| Published: | Dow Jones & Company Inc. |
| Subjects: | |
| Online Access: | Citation/Abstract Full Text |
| Abstract: | At a time when high-powered automated trading systems can execute stock sales in real time, some companies that rely on open-source software to help run their businesses track their open-source use on spreadsheets on paper. Lou Shipley, chief executive of Black Duck Software, which sells products to manage and protect open-source software, says the most effective way for companies to understand what is in their open-source software and how to better control it is to use automated processes that scan applications for open-source code, create an inventory of open-source components and check those components against what is in open-source vulnerability databases. Another reason is that, unlike software from companies such as Microsoft, Oracle or SAP SE that send notices when new patches and fixes are available, there are no notices sent with open-source software updates, he said. |
|---|---|
| Source: | ABI/INFORM Trade & Industry |