Friday, September 25, 2015

Companies that use open source code don't really understand their exposure to open source security vulnerabilities, our area of focus and expertise.

An interview with Lou Shipley, CEO, Black Duck Software, @LouShipley @black_duck_sw

We asked. Lou answered.

What is the next step that you recommend the local community takes to ensure that Boston becomes the next security Mecca?

Promoting entrepreneurship in security technology and leveraging the expertise of companies in the space to nurture and encourage the entrepreneurs is always a good way to create some energy behind this sort of effort--and a way to attract capital.
Additionally, investing in primary education and expert instruction in related disciplines is essential. Technology and computer science are important, of course, but so are contemporary classes in sales and capital formation--as early on as junior high school. This will pay dividends for many years to come.

Why is stepping up security, immediately, particularly important to your company/industry?

The explosion in the use of open source software has created significant security challenges. Because open source software makes its way into code bases in a variety of ways, it is difficult for companies to maintain the necessary visibility into, and control of, the code they are using. This lack of visibility and control has led to high-profile breaches such as Heartbleed and Shellshock.

What is the key obstacle companies like yours face in bringing security up to where it needs to be?

Companies do not really understand their exposure, or believe they have the situation in hand--even though they are using testing tools that are not effective in finding open source vulnerabilities. It is important that we help companies understand their potential exposure to open source vulnerabilities and educate them about automated solutions that address that exposure.

Hear more of what Lou has to say at The Business of Security: Impacting Your Company's Resiliency, Reputation and Revenue on September 30. Learn more and register: http://bit.ly/SecurityBiz
