Open Source Insight: GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open Source Rookies
Download as PPTX, PDF2 likes500 views
This document outlines key updates in open source security and application testing, highlighting that Synopsys remains a leader in the 2018 Gartner Magic Quadrant while GitHub reports 4 million flaws in public code. It also recognizes the best open source projects of 2018 and discusses the challenges and benefits of incorporating open source in various industries, including automotive and elections. The importance of community engagement and innovation among open source projects is emphasized throughout.
Open Source Insight: GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open Source Rookies
- 1. Open Source Insight: GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open Source Rookies By Fred Bals, Senior Content Strategist
- 2. Cybersecurity News This Week A big news week for Synopsys and Black Duck as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cybersecurity news in this week’s Open Source Insight!
- 3. • Synopsys maintains leadership position in the 2018 Gartner Magic Quadrant for Application Security Testing • GitHub inspection discovers 4 million flaws In public code • The best open source rookies of 2018 • Synopsys reveals its open-source rookies of the year • What and who are the Open Source Rookies of the Year? Open Source News Stories
- 4. • What it takes to be an Open Source Rookie • With much of the Data Center stack open source, security is a special challenge • Safety first: the auto industry looks to open source to uncover new sources of revenue • Weighing the pros and cons of open sourcing election software Open Source News Stories
- 5. Synopsys maintains leadership position in the 2018 Gartner Magic Quadrant for Application Security Testing via Synopsys Software Integrity blog: I’m proud to report that the 2018 Gartner Magic Quadrant for Application Security Testing has positioned Synopsys as a leader for the second consecutive year. This designation clearly illustrates our growing vision and ability to execute on our solutions. For more information, download your copy of the 2018 Gartner Magic Quadrant for Application Security Testing.
- 6. GitHub inspection discovers 4 million flaws In public code via Silicon UK: “In general, we support initiatives like GitHub’s Security Alerts as they aim to help open source project teams produce more secure code,” explained Tim Mackey, technology evangelist at open source code security experts Black Duck by Synopsys. “Open source is pervasive and it plays an increasingly critical role in the software ecosystem, so any measures that bolster open source security should be applauded,” he added. It should be noted that Black Duck by Synopsys does provide a similar free service for open source project teams called CoPilot.
- 7. The best open source rookies of 2018 via Infoworld: Over the last decade, Black Duck by Synopsys has recognized some of the most innovative and influential open source projects launched each year. This recognition is a tribute to the success and momentum of these projects, and affirmation of their prospects going forward. We’ve seen honorees like Kubernetes (2014), Docker (2013), Ansible (2012), Bootstrap (2011), NuGet (2011), and OpenStack (2010) evolve to become some of the most influential open source projects in the market. We expect this year’s rookies to be no exception.
- 8. Synopsys reveals its open-source rookies of the year via SD Times: Synopsys is continuing on with Black Duck’s tradition of naming Open Source Rookies of the Year. The decade-long tradition was established by Black Duck and designed to recognized the latest and greatest open-source projects. Synopsys announced it had acquired Black Duck Software in December of last year. The Open Source Rookies represent the top open source projects that were initiated in 2017. The projects cover a range of different areas including autonomous driving, scalable blockchain, and virtual network functions orchestrations, personal security, and relationship management.
- 9. What and who are the Open Source Rookies of the Year? via Synopsys Software Integrity blog: At Black Duck by Synopsys, we work with the community and organizations to understand how the open source community is thinking about technology and the future. As part of that process, we view our connection to the open source community as a key component to understanding both where the development community is and where the open source community is moving next.
- 10. What it takes to be an Open Source Rookie via Black Duck blog: 2018 is the Rookies report’s 10th anniversary, and this year’s honorees exemplify the core tenets of open source. They push the boundaries of technological innovation, build on the contributions of projects before them, lay the foundation for projects that succeed them to innovate, and engage the community for material contributions to—and strategic guidance on—the projects themselves.
- 11. via Data Center Knowledge: Even commercial software is not immune to the open source trend. According to Synopsys-owned Black Duck Software, which tracks open source code, open source components are now present in 96 percent of commercial applications. Open source components make development faster and cheaper for both commercial software shops and in-house teams. "All of these things lead to a stack of open source," said Tim Mackey, senior technical evangelist for Black Duck. But there's a downside to the spread of open source code, and that downside is patch management. With much of the Data Center stack open source, security is a special challenge
- 12. via Linux Foundation: Banking, Commerce, Media, Agriculture, Energy and other massive industry sectors are wholly dependent on the widespread use of open source software to function. Of course, each industry is different and faces its own set of unique challenges and requirements. In particular, the automotive industry is rightfully cautious about all software, not just open source. However, the industry has come to trust proven platforms that have shown results over time, rather than novel capabilities. Safety first: the auto industry looks to open source to uncover new sources of revenue
- 13. via Black Duck blog: Open source voting applications are already playing a role in elections in New Hampshire. San Francisco, Los Angeles, and Travis County, Texas are allocating funds to move toward open source voting systems as well. If the FEC does replace proprietary software with open source, it should consider automated security tools in addition to the open source community to provide a more complete application security picture. Weighing the pros and cons of open sourcing election software