The answer lies in open source hygiene. By implementing automated solutions for managing open source code throughout the development process and across the supply chain, organizations gain a critical advantage in heading off security threats. This means code is automatically vetted against vulnerability databases such as the OSVDB and NVDB, assuring that only the most up-to-date versions of those components are chosen.
In the case of GHOST, this approach would have yielded one of several outcomes:
- Earlier flagging of glibc version 2.2 or earlier, with a call to upgrade development and deployed versions to version 2.3.
- Current flagging of the library, based on OSVDB/NVDB bulletins, to check for deprecated versions to and confirm that the correct patches had been applied to version 2.3.
In other words, you won't have to waste time searching for open source components in your code base you'll know exactly where they are and how they're being used. This gives you an actionable roadmap to quick remediation.
With open source hygiene, your organization can sort through and deal with the ongoing security threats, because unsafe open source code is highlighted, and remediation paths identified, at the beginning of the development process rather than when the process is already underway.
The smartest software development organizations today are integrating open source hygiene into their software development lifecycle so security is no longer about remediation, but about being pre-emptive and proactive. With this approach, the software lifecycle becomes much more manageable.
Sign up for Computerworld eNewsletters.