DevSecOps, Next-Generation Technologies & Secure Development

Getting Visibility Into Open Source Components

Panelists Discuss Challenges for Developers Using Open Source Code
From Left: Reuben Athaide of Standard Chartered Bank and Michelle Dufty from Sonatype

Many applications use open source components, which can make it challenging to pinpoint any security issues. How can organizations gain better visibility of risks?

In an in-depth video discussion, Michelle Dufty of Sonatype and Reuben Athaide of Standard Chartered Bank address critical issues associated with using open source code and share the solutions that can be leveraged to help ensure security.

“The key thing for developers is that security should not slow them down,” Dufty says. “If you are going to shift security left, security tools have to work the way developers expect them to work. It has to be easy to use. It has to fit in the DevOps tool.”

Athaide shares his experience on the benefits of an open source policy.

“Earlier, before going live in production, developers would raise a ticket for the security team to run an application security test. However, this resulted in project delays,” Athaide says. “Now, having a central CI/CD pipeline with application security integrated into the testing has helped us reduce cycle time overall and reduce waste in the SDLC.”

In this video panel discussion, the panelists also discuss:

  • Challenges for developers in getting open source visibility;
  • How best to develop an open source policy;
  • What solutions can be deployed without slowing down the process for developers.

Dufty is senior vice president for marketing at Sonatype, where she brings solutions to market that unite development, security and operations teams to accelerate software innovation while minimizing open source risk. She has more than 20 years of experience helping organizations leverage software technologies and services to better compete and serve their mission.

Athaide is head of cloud customer engagement at Standard Chartered Bank based out of Singapore. He built a DevOps platform by implementing an agile development approach with a high-caliber team to change the culture as well as raise the bar on engineering capability across the bank.

About the Author

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed to Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.
