Open Source Authors Are the New Security Specialists
Software continues to take over the world, running everything in our lives. Advanced computer systems in the cloud optimize everything in our lives, from traffic navigation to online deliveries to home automation, and the events of the past year have further accelerated the move to the cloud and DevOps platforms. All of this software depends upon, runs on, and is enabled by open source software.
Almost every tool and service you use have open source components that you can use to both “play and scale” at the drop of a hat, from MicroProfile, Quarkus, Kube, and Docker to every JS framework. Foundations have sprung up to provide governance of these projects from inception to maturity.
At the same time that the pace of software delivery is accelerating, the attack surface of the world has also grown exponentially. Every open source library you depend on is a potential vulnerability now or in the future when a new exploit is discovered. The only mitigation is to stay ahead of the hackers by continuously scanning and updating your dependencies.
Velocity is key. Time to market wins. Your code, the piece of the puzzle that you create, is part of the supply chain. It matters and is visible on a scale never seen before. You are now that person who must think about security from the IDE. Your dev environment is connected to the user in real-time. Running a security scan in pre-production just doesn’t cut it anymore. You need to make sure there are security audits in your dev environment, and you continuously scan your code (including all the open source packages you use).
This is the new you. This is shifting left. This is the way.
At ATO, Stephen Chin, JFrog’s VP Developer Relations, will talk about the importance of securing and tracing your binary dependencies, full observability from code to production as we enter a new era where the machines outnumber and outpower the humans due to the acceleration of digital transformation and shift to cloud and hybrid computing.
The Featured Blog Posts series will highlight posts from partners and members of the All Things Open community leading up to the conference in October.