© OpenLogic, Inc. - Licensed under CC-BY
Understand Scanning for Open Source Code and Why YOU Can’t Afford Not to Scan!
Thursday, June 27, 2013 11:00 AM MST
Live Webinar!
Welcome! Today’s presenters are:
Expert Auditor and Presenter:
Dave McLoughlin,
Director of Open Source Software
Auditing Services at OpenLogic
Dave.mcloughlin@openlogic.com
Moderator:
Caitlin Rogers,
Senior Director of Marketing at
OpenLogic
About OpenLogic
• OpenLogic helps Enterprises use Open Source Software
• What does this mean?
  – We offer industrial-strength source code scanning software
    • OSS Deep Discovery
  – We offer a cloud-based governance and compliance platform called OLEX where you can:
    • Set up your open source policy
    • Keep track of your open source inventory
    • Manage open source usage in your organization
    • Run source code scans via OSS Deep Discovery
    • Access an open source repository of resolved licenses
    • Audit your open source code
    • Resolve open source licenses
  – Expert Auditing Services:
    • If you don’t have the internal expertise, you can hire our experts to scan and analyze your files for you
    • We offer indemnification on all audits
What we will learn in today’s webinar:
• Why do you need to be scanning for open source software?
• What are the RISKS of NOT scanning?
• Why can’t you afford NOT to scan?
• What is the difference between binary scanning and source code scanning?
• Are cloud scanning solutions (SaaS) safe, secure and effective?
• Is accuracy more important than fingerprint size in source code scanning?
Why should you scan for open source?
Do you need to scan your source code?
• Do you distribute open source code, or sell products containing open source software?
• CAUTION!
  – You don’t have to be selling software in order to be distributing it!
• Do you offer apps for download on your website or via app marketplaces like iTunes or Google Play?
• Do you need an internal inventory of all your source code and what’s contained therein?
• Is your organization engaged in mergers and acquisitions?
• Do you outsource software development?
• Do you contribute code to open source projects?
When is OSS “distributed”?
Changes in how OSS is used can impact license compliance.
[Diagram: a spectrum running from “Using OSS” on one side to “Distributing OSS” on the other. Labels recovered from the slide:]
How the OSS is incorporated:
– Use of OSS under GPL
– Revisions made to OSS
– Linked to or bundled with proprietary code
Situations along the spectrum, in the order they appear on the slide:
– Internal use
– Use by a wholly owned subsidiary
– The subsidiary is sold to a 3rd party
– Use by an outsourcer or contractor
– Software shared with a “partner” during further development
– Software distributed to end users
Did you answer YES to any of those questions?
If you answered YES to any of the previous questions, you should be scanning your source code.
What are the risks of NOT scanning?
Avoiding source code scanning is NOT worth the RISK!
Why you can’t afford NOT to scan
Potential Risks and Costs of NOT Scanning
• Legal Risks:
  – Lawsuits
  – Audits
  – Loss of Ownership
• Security Risks:
  – CVEs (publicly known vulnerabilities in the open source components you ship)
• Maintenance:
  – Features
  – Performance
• BONUS!
  – Human Error
  – Unused code
  – Accidental use
What is the difference between binary scanning and source code scanning?
• Most companies need to undertake source code scanning and not just binary scanning. What is the difference?
• Source Code Scanning:
  – Used on source code AND binaries
  – Finds open source packages, copied snippets, and licenses
  – Recommended for any software that is distributed
• Binary Scanning or Inventory Scanning:
  – Used on binaries; doesn’t scan all source code
  – Finds OSS packages used
  – Effective for taking software inventories on machines and applications
  – Not as thorough or comprehensive as a source code scan
  – OpenLogic offers a free binary scanner called OSS Discovery; it’s one of OpenLogic’s many contributions to the open source community
    http://www.openlogic.com/resources-library/binary-source-code-scanners/
Are cloud scanning solutions (SaaS) safe, secure and effective?
• OLEX provides a unique private cloud solution. The source code NEVER leaves the safety of your firewall.
• The output of the scan is a set of fingerprints computed with a one-way hash. A fingerprint cannot be used to reveal your code; it is just a “digital” reference to it.
• That fingerprint is returned securely (over SSL) via the cloud, and the results of the scan are compiled into a bill of materials (BOM).
• This is highly secure and private, and most importantly your code remains anonymous.
• We provide a security whitepaper with details on the measures we take in our product and data centers to keep your information secure.
• http://www.openlogic.com/resources-library/data-sheet-openlogic-exchange-olex/
Accuracy vs. Size of Fingerprint Database
• High Accuracy, Low Noise
  – Multiple matching techniques to find projects, files, snippets and modified code
  – A focus on accuracy helps to reduce false positives and better identifies the correct license match
  – The scanner employs multiple noise reduction techniques
  – More fingerprints don’t always mean better results. Fewer, targeted results produce faster analysis
• SaaS crowdsourcing
  – Leveraging the work of others
  – Boosting results
  – Suggestions
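As an added example (not OpenLogic’s code, and not how OSS Deep Discovery or OLEX is actually implemented), here is a small Python model of the flow the last two slides describe: files are reduced to one-way hashes inside the firewall, only the digests cross to the matching service, and the service matches whole-file and snippet-window digests against a fingerprint database to produce a BOM. The project names, file contents, the three-line snippet window and the 0.5 match threshold are all constructed assumptions.

```python
"""Added example (not OpenLogic's code): a minimal model of the private-cloud
scan flow the deck describes. Files become one-way SHA-256 fingerprints inside
the firewall; only fingerprints reach the matching service, which compares them
with its fingerprint database and returns a BOM. All data below is constructed."""
import hashlib
import re

# ---- client side: runs inside the firewall, the only party that sees source
def normalize(source):
    """Drop comments/blank lines, collapse whitespace: reindented copies hash alike."""
    out = []
    for line in source.splitlines():
        line = " ".join(re.sub(r"//.*|/\*.*?\*/", "", line).split())
        if line:
            out.append(line)
    return out

def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()

def file_fingerprint(source):
    """Whole-file fingerprint over the normalized text."""
    return digest("\n".join(normalize(source)))

def snippet_fingerprints(source, window=3):
    """One hash per window of consecutive normalized lines: a function pasted
    into an otherwise proprietary file still shares windows with the original."""
    lines = normalize(source)
    return {digest("\n".join(lines[i:i + window]))
            for i in range(max(len(lines) - window + 1, 0))}

def fingerprint_tree(files):
    """All that leaves the firewall: hex digests, no source text. Caveat: a
    public file's digest identifies it by design, and a very short or
    predictable private file could be matched by guessing its content."""
    return {path: {"file": file_fingerprint(src),
                   "snippets": sorted(snippet_fingerprints(src))}
            for path, src in files.items()}

# ---- service side: sees fingerprints only
def build_index(known):
    """known = [(project, license, source)] -> (file_index, snippet_index)."""
    file_index, snippet_index = {}, {}
    for project, license_id, src in known:
        file_index[file_fingerprint(src)] = (project, license_id)
        for fp in snippet_fingerprints(src):
            snippet_index.setdefault(fp, set()).add((project, license_id))
    return file_index, snippet_index

def match(fingerprints, file_index, snippet_index, threshold=0.5):
    """Build the BOM: exact file match first, else a snippet match when at
    least `threshold` of the file's windows hit one known project."""
    bom = []
    for path, fp in fingerprints.items():
        entry = {"path": path, "match": None, "project": None,
                 "license": None, "score": 0.0}
        if fp["file"] in file_index:
            entry["project"], entry["license"] = file_index[fp["file"]]
            entry.update(match="file", score=1.0)
        elif fp["snippets"]:
            hits = {}
            for s in fp["snippets"]:
                for proj in snippet_index.get(s, ()):
                    hits[proj] = hits.get(proj, 0) + 1
            if hits:
                proj, n = max(hits.items(), key=lambda kv: kv[1])
                score = n / len(fp["snippets"])
                if score >= threshold:
                    entry["project"], entry["license"] = proj
                    entry.update(match="snippet", score=round(score, 2))
        bom.append(entry)
    return bom

# ---- constructed sample data
LIBOSS_COUNT = """\
// liboss (constructed sample, not a real project)
int oss_count(const char *s, char c) {
    int n = 0;
    for (; *s; s++) {
        if (*s == c) n++;
    }
    return n;
}
"""
KNOWN_OSS = [("liboss 1.2", "GPL-2.0", LIBOSS_COUNT)]
CUSTOMER_TREE = {
    # verbatim copy of the GPL file, reindented and with the comment changed
    "src/util.c": LIBOSS_COUNT.replace("    ", "  ").replace("liboss", "util"),
    # proprietary file with the liboss function pasted into the middle
    "src/parse.c": "static int acme_version = 3;\n" + LIBOSS_COUNT
                   + "int acme_fields(const char *l) {\n"
                   + "    return oss_count(l, ',') + 1;\n}\n",
    # purely proprietary file, nothing to report
    "src/main.c": "int main(void) {\n    return acme_fields(\"a,b\");\n}\n",
}

def scan(files, known=KNOWN_OSS):
    """End-to-end: fingerprint locally, match remotely, return the BOM."""
    return match(fingerprint_tree(files), *build_index(known))
```

Running `scan(CUSTOMER_TREE)` reports `src/util.c` as a whole-file GPL-2.0 match, `src/parse.c` as a snippet-level match (5 of its 9 windows hit the known file), and `src/main.c` as unmatched, while `fingerprint_tree(CUSTOMER_TREE)` shows that nothing but hex digests would have been sent.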
What we learned in today’s webinar:
• Why do you need to be scanning for open source software?
• What are the RISKS of NOT scanning?
• Why can’t you afford NOT to scan?
• What is the difference between binary scanning and source code scanning?
• Are cloud scanning solutions (SaaS) safe, secure and effective?
• Is accuracy more important than fingerprint size in source code scanning?
Thank You!
• Want to Learn More?
  – Get a demo of OSS Deep Discovery: http://www.openlogic.com/products/olex/
  – The First 5 Attendees Who Request a Demo Will Get the Following:
    – A free Scanning Account Set-up on OLEX
    – 1K FREE files scanned of your source code!
    – 1 Hour FREE review of your source code with an Expert Auditor
• Contact us:
  – 1.888.OPENLOGIC | marketing@openlogic.com | Twitter @openlogic
    www.openlogic.com | olex.openlogic.com
Source Code Scanning made Secure, Accurate, Effective & Simple
Understanding the Value of Scanning for Open Source Software
Editor's notes

1. SD Times, June 2013, “Newest risk to app security: Using vulnerable components”. The 2013 OWASP Top 10: SQL injection; broken authentication and session management; cross-site scripting.