The challenge: Secure open source code at the speed of DevOps
Open source software has become the norm; its prevalence is seen in tech and nontech companies alike. Today, open source serves as the foundation for nearly every application in every industry. But although open source has exploded in popularity and adoption, organizations often fail to adequately manage it from a security perspective.
Each year, Synopsys publishes its Open Source Security and Risk Analysis report, which provides insight into the current state of open source security, compliance, and code quality risk. This year’s edition found that of the 1,253 applications audited, 99% contained open source code, and 75% of those codebases contained vulnerabilities. This clearly underscores the predominance of open source—and the lack of open source vulnerability management.
Compounding the need for open source security is the ever-increasing rate of development. As organizations shift toward agile DevOps development cycles, security solutions must be able to adequately scale and keep pace.
Organizations like Avira depend on secure and reliable code for their industry-leading software products, so they must incorporate robust security solutions into their software development life cycles in order to adequately manage open source.
Marian Schneider, information security officer at Avira, noted that increasing product complexity and market regulations, along with the need to replace manual processes, posed a key challenge in Avira’s DevOps pipeline. That challenge drove the company to look for an open source security solution that could keep up and scale with its DevOps needs.
Schneider said, “From the DevOps side, the security of open source became more important, and Avira started looking for tools on the market that integrated into the DevOps pipeline.”