Use Static Analysis to Secure Open Source
Open Source lends itself to a new way of certifying software: Continuous Assurance. In this approach, automated tools and processes ensure that, as code changes, it continually satisfies compliance, quality, and security requirements. "Continuous Assurance integrates directly into development and benefits from the always-up-to-date nature of cloud services, making it a perfect match for Open Source."
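To make the idea concrete, here is a minimal static-analysis gate of the kind a Continuous Assurance pipeline would run on every change: it parses a source file into its abstract syntax tree, checks each call against a policy, and fails the build when a forbidden pattern appears. This is an added example, not code from the article or from any tool it mentions; the rule set, the sample module and the `Loader=SafeLoader` exception are all constructed for illustration.

```python
"""Minimal static-analysis gate of the kind a Continuous Assurance pipeline
runs on every change. Added example, not from the original article. The
rule set and the sample source below are constructed for illustration."""
import ast
from dataclasses import dataclass
from typing import List, Optional

# Constructed policy: dotted call names a project forbids, each with a short
# finding message for the developer.
FORBIDDEN_CALLS = {
    "eval": "eval() executes arbitrary code; parse data instead",
    "exec": "exec() executes arbitrary code",
    "pickle.loads": "unpickling untrusted bytes can execute code",
    "subprocess.call": "process launch from code; review for untrusted arguments",
    "yaml.load": "yaml.load without a safe Loader constructs arbitrary objects",
}


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str


def _qualified_name(node: ast.AST) -> Optional[str]:
    """Return a dotted name for Name/Attribute chains (e.g. 'yaml.load'), else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _qualified_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _is_safe_yaml_load(call: ast.Call) -> bool:
    """yaml.load(..., Loader=<something>SafeLoader) is acceptable under the rule."""
    for kw in call.keywords:
        if kw.arg == "Loader":
            name = _qualified_name(kw.value) or ""
            return name.endswith("SafeLoader")
    return False


def scan_source(source: str, filename: str = "<memory>") -> List[Finding]:
    """Parse `source` and report every forbidden call with its line number."""
    tree = ast.parse(source, filename=filename)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _qualified_name(node.func)
        if name not in FORBIDDEN_CALLS:
            continue
        if name == "yaml.load" and _is_safe_yaml_load(node):
            continue  # the safe form is allowed; only the unsafe form is a finding
        findings.append(Finding(name, node.lineno, FORBIDDEN_CALLS[name]))
    return sorted(findings, key=lambda f: f.line)


def gate(source: str, filename: str = "<memory>") -> bool:
    """Return True when the change may proceed (no findings), False otherwise."""
    return not scan_source(source, filename)


# Constructed sample: a module as it might arrive in a pull request.
SAMPLE_SOURCE = '''
import pickle, yaml

def load_config(text):
    return yaml.load(text, Loader=yaml.SafeLoader)   # acceptable

def load_session(blob):
    return pickle.loads(blob)                         # flagged

def compute(expr):
    return eval(expr)                                 # flagged
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE, "sample.py"):
        print(f"sample.py:{f.line}: {f.rule}: {f.message}")
    # A non-zero exit is what turns the check into a gate in CI.
    raise SystemExit(0 if gate(SAMPLE_SOURCE) else 1)
```

Wired into a pre-merge job, the non-zero exit blocks the change until the findings are addressed, which is the "as code changes, it continually satisfies" property the paragraph describes; a real project would swap the constructed rule table for a maintained analyzer and its rule set.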
Sonatype’s 2020 State of the Software Supply Chain Report found that next-generation cyber-attacks actively targeting open-source software projects increased 430% over the past 12 months. Industry and the Open Source communities recognize these heightened security risks and are working to address them.
For example, in August 2020 the Linux Foundation launched the Open Source Security Foundation (OpenSSF), billing itself as “a cross-industry collaboration that brings together leaders to improve the security of open-source software.” The Foundation notes how pervasive open source has become, and how critical it is to bring together open-source security initiatives and those who support them to advance open-source security for all stakeholders.