Image by Gerd Altmann from Pixabay
The State of Open Source Software, Security & Support
Javier Perez, Chief Evangelist & Sr. Director Product Management, OpenLogic by Perforce
Nice To Meet You!
Chief Evangelist & Sr. Director Product Management
@jperezp_bos
javierperez.mozello.com
www.linkedin.com/in/javierperez
Javier Perez
Package registry growth (registries not labelled in the text):
• 2.1M+ packages, 1,034 packages per day
• 504K+ packages, 157 packages per day
• 355K+ packages, 87 packages per day
• 410K+ packages, 276 packages per day
• 328K+ packages, 150 packages per day
• 173K+ packages, 15 packages per day
Source: Oct 28, 2022 www.modulecounts.com
Project counts (labels not in the text): 370+ projects, 420+ projects, 850+ projects, 120+ projects, 40+ projects.
Has your organization increased the use of open source software over the last year?
• Yes: 41%
• Yes, significantly: 36%
• Remained the same: 22%
• Reduced the use of open source: 1.6%
YES (combined): 77%
• Open Source Support
• Open Source in Organizations & Government
• Open Source Security
Open Source SDLC Trends
• Smaller releases
• CI/CD, testing & security scan automation
• Reduced number of supported releases
• Reduced long-term support
• Challenging to maintain older versions
  • Backporting patches
  • Time consuming
  • Regression testing
Constant updates, shorter LTS
Release Cadence, Long-Term Support and End-of-Life
• AngularJS EOL
• CentOS
• Extended support beyond LTS?
PHP support timeline (source: www.php.net/supported-versions.php)
Node.js support timeline (source: https://endoflife.date)
Risks of Ignoring End-of-Life
• Unpatched CVEs mean an ongoing and compounding risk of exploitation
• Incompatibility with newer software
• Non-compliance (internal policy or industry compliance)
• Upgrading or migrating becomes more complex the longer it is deferred, and needs more support
• Self-support cost: development resources pulled away from their own work, and expertise required
Open Source Support Challenges
• Keeping up with updates & patches
• Installation, upgrades & configuration
• Personnel experience & proficiency
Keeping Up With Updates and Patches
• Constant releases and applying security patches
• End-of-life versions
(Figure: timeline across V1.0.0, V1.0.1 and V1.0.2, repeating vulnerability present → vulnerability discovered → vulnerability fixed in the next release.)
Example: OpenSSL releasing 3.0.7 today
Open Source Security Today: Increased Awareness
• Identify inventory: Software Bill of Materials (SBOM)
• Security scans: vulnerability detection
• Apply fixes: patches
Dependencies and Vulnerabilities
• Open source libraries are reused everywhere
• Depending on the programming language, a library can pull in thousands of (transitive) dependencies
• A vulnerability in any dependency is a real risk for every piece of software that includes it
* Source: graphcommons.com
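The inventory → scan → patch loop, the transitive-dependency risk described just above, and the end-of-life check from the earlier slides, as one added Python example that is not from the talk or from OpenLogic. Every package name, version, advisory entry and EOL date in it is constructed sample data (none is a real advisory), and the CycloneDX-like SBOM shape (a component list plus a dependsOn-style map) is an assumption made for illustration:

```python
"""Inventory -> dependency walk -> advisory and end-of-life check.

Added example. Every package, version, advisory and EOL date below is constructed
sample data; the SBOM layout only loosely mirrors CycloneDX (components plus a
dependsOn-style map) and is an assumption made for illustration.
"""
from __future__ import annotations

from collections import deque
from datetime import date

TODAY = date(2022, 11, 1)  # assumed scan date

SBOM = {
    "components": [  # first entry is the application itself (the graph root)
        {"ref": "app@1.0.0", "name": "app", "version": "1.0.0"},
        {"ref": "web-framework@2.4.1", "name": "web-framework", "version": "2.4.1"},
        {"ref": "http-client@0.12.3", "name": "http-client", "version": "0.12.3"},
        {"ref": "template-engine@1.9.0", "name": "template-engine", "version": "1.9.0"},
        {"ref": "openssl@3.0.6", "name": "openssl", "version": "3.0.6"},
    ],
    "dependencies": {  # ref -> refs it depends on
        "app@1.0.0": ["web-framework@2.4.1"],
        "web-framework@2.4.1": ["http-client@0.12.3", "template-engine@1.9.0"],
        "http-client@0.12.3": ["openssl@3.0.6"],
        "template-engine@1.9.0": [],
        "openssl@3.0.6": [],
    },
}

# Constructed advisory feed: a component is affected when introduced <= version < fixed.
ADVISORIES = [
    {"id": "ADV-0001", "name": "openssl", "introduced": "3.0.0", "fixed": "3.0.7"},
    {"id": "ADV-0002", "name": "template-engine", "introduced": "1.0.0", "fixed": "1.9.1"},
]

# Constructed end-of-life table: name -> major.minor release line -> EOL date.
EOL_LINES = {
    "http-client": {"0.12": date(2022, 6, 30)},
    "openssl": {"1.1": date(2023, 9, 1)},
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '3.0.7' into (3, 0, 7) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))


def is_affected(version: tuple[int, ...], introduced: str, fixed: str) -> bool:
    """Half-open range check: introduced <= version < fixed."""
    return parse_version(introduced) <= version < parse_version(fixed)


def reachable_paths(sbom: dict, root: str) -> dict[str, list[str]]:
    """Breadth-first walk from root; returns the shortest path to each reachable component.

    The path is what a developer needs: it names the direct dependency that
    pulls in a vulnerable transitive one.
    """
    deps = sbom["dependencies"]
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        for child in deps.get(current, []):
            if child not in paths:
                paths[child] = paths[current] + [child]
                queue.append(child)
    return paths


def audit(sbom: dict, advisories: list[dict], eol_lines: dict, today: date) -> list[dict]:
    """Return one finding per (component, issue): open advisories and EOL release lines."""
    by_ref = {c["ref"]: c for c in sbom["components"]}
    root = sbom["components"][0]["ref"]
    findings = []
    for ref, path in reachable_paths(sbom, root).items():
        comp = by_ref[ref]
        version = parse_version(comp["version"])
        for adv in advisories:
            if adv["name"] == comp["name"] and is_affected(version, adv["introduced"], adv["fixed"]):
                findings.append({"ref": ref, "issue": adv["id"],
                                 "fix": f"upgrade to >= {adv['fixed']}", "path": path})
        line = ".".join(comp["version"].split(".")[:2])
        eol = eol_lines.get(comp["name"], {}).get(line)
        if eol is not None and eol <= today:
            findings.append({"ref": ref, "issue": f"release line {line} EOL since {eol}",
                             "fix": "migrate to a supported release line", "path": path})
    # Shallow (direct) dependencies first: they are the ones the team can fix itself.
    return sorted(findings, key=lambda f: (len(f["path"]), f["ref"]))


if __name__ == "__main__":
    for finding in audit(SBOM, ADVISORIES, EOL_LINES, TODAY):
        print(f"{finding['ref']}: {finding['issue']} -> {finding['fix']}")
        print("    reached via " + " -> ".join(finding["path"]))
```

Run as a script it prints three findings: the EOL http-client line, the template-engine advisory, and the openssl advisory reached only through web-framework → http-client, which is the transitive case the slide warns about. The half-open introduced ≤ version < fixed check mirrors how most advisory feeds express "fixed in", and comparing versions as integer tuples avoids the classic "3.0.10" < "3.0.9" string-comparison bug.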
Open Source Software Security Mobilization Plan
• Education
• Risk Assessment (Top 10K OSS)
• Digital Signatures
• Move to Memory Safe Languages
• Incident Response Team
• Coordinated Public Disclosure
• Code Reviews (Top 200 OSS)
• Industry Data Sharing
• SBOM Everywhere
• Enhance Package Management
ISO/IEC 5230 OpenChain Standard (license risk)
• Organization-level license compliance for every OSS artifact
• Documented process
• SBOM verification
• Open source community engagement
Open Source and US Government
• White House Executive Order on Improving the Nation's Cybersecurity: working groups
• H.R. 7667 medical device security bill: vulnerability detection and SBOM directive
• The Federal Trade Commission (FTC) warned companies to patch Log4j or face legal action
• Cybersecurity and Infrastructure Security Agency (CISA): binding operational directive making vulnerability disclosure policies mandatory for federal agencies
• National Security Strategy: aligning with organizations & OSS
• US Senate Securing Open Source Software Act: best-practices assessment framework, OSPO, and hiring OSS experts
Open Source Maturity in Organizations (desired position/effort over time)
• Consumers: adopting (cost, time, or modernize); deploying and complying with licenses
• Participants: limited contributions to open source; increased use & adoption, business-critical
• Contributor: contributions to open source projects; investment in open source technologies
• Leader: launching new open projects & initiatives; establishing an Open Source Program Office
Maturity in Organizations by the Numbers
• Retail has the highest OSS usage, at 60%
• Manufacturing has the lowest rate of experts, 30%
• Banking, insurance and financial services innersource the most, 19%
• Healthcare and pharma have the highest rate of OSPOs, 21%
* Source: 2022 State of Open Source Report
Open Source Jobs Report (source: The Linux Foundation OSS Jobs Report)
• 93% of employers have difficulty finding talent with OSS skills
• 77% of orgs are growing their use of cloud-native technologies
• 81% of open source professionals plan to add certifications
• Most in-demand skills: cloud/container technology, Linux, DevOps/GitOps, cybersecurity, AI/ML, web technologies
Key Takeaways
• Open source release life cycles, EOL and LTS are constantly changing
• Lessons from the CentOS and AngularJS EOLs
• OSS communities work on security; the key is to keep up with updates and patches
• There is more open source security awareness and government participation
Has your organization increased the use of open source software over the last year?
• Previous results: Yes 41%, Yes significantly 36% (YES: 77%)
• Latest results: Yes 50%, Yes significantly 35% (YES: 85%)
Participate in the 2023 State of Open Source: www.research.net/r/state-of-oss
Thank You!
Javier Perez
All Things Open 2022 - State of OSS Security & Support