Open source software components may be free, but that doesn't automatically make them safe to use. "There can be risks involved ... with using open source," says Steve Giguere, a security strategist at Synopsys.
Those risks are due in part to, and compounded by, organizations' time-to-market pressures and the need to integrate new features as quickly as possible. As a result, "if there are vulnerabilities in that open source, they often become public vulnerabilities and it becomes a race against time as to whether your deployed application is vulnerable and how fast you can fix it."
In a video interview at the recent Infosecurity Europe conference in London, Giguere discusses:
- Managing open source components;
- How to put code reviews into practice;
- Agile development, the rise of DevSecOps and the state of secure coding.
Giguere is a lead sales engineer at Synopsys, where he works tirelessly to encourage firms to build security into their software development lifecycle.