DevOpsSec: Being Outnumbered by Open Source & Third-party Components

Derek E. Weeks
Sep 25, 2015 · 2 min read

Last week, I visited a company very well known in the U.S. financial services and insurance (FSI) industry. Their teams have been on the front lines of security and legal compliance for about six years, assessing all of the open source and third-party components their developers are freely bringing into their business. They consume over 1 million components annually across four major development languages.

The demand for open source components has been driven by development teams with shorter time to market objectives for a portfolio of over 500 applications. Why build from scratch what you can source in seconds?

This business saw the writing on the wall. Their development processes had changed, while their compliance processes had not kept up. When they performed a simple calculation on the number of people required to keep up with the compliance checks at their new development velocity, they reached an ugly conclusion. Over 100 compliance analysts would be required to keep pace. Ugh.

I can hear you now. “That’s not us.”

Think again.

The average development organization consumes 240,000 open source and third-party components annually. This is you.

Developers have long been addicted to the velocity offered by these open source and third-party components.

For compliance, audit, security, and legal professionals, there is a simple truth: automation is your only answer. When you are outnumbered and outgunned, a manual review queue cannot keep pace with the rate at which components arrive.

Last week, I was also invited by the Open Web Application Security Project (OWASP) New York City chapter to share the research I have done in this area. I simply delivered the facts to help improve awareness of today’s development practices. My aim was to open a conversation that has been needed for years.

You can enjoy the OWASP discussion in the video below.

Compliance at Velocity

Successful companies express Compliance as Code
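To make “compliance as code” concrete, here is an added example (written for this page, not code from the original post or from any vendor’s product): a policy gate that runs on every build over the project’s component inventory and fails the build on a license or version violation. The inventory format, the policy values, and every component name and version below are constructed for illustration; the “fixed in 1.4.0” floor for `example-lib` is a made-up placeholder, not a real advisory.

```python
"""Compliance as code: an automated policy gate over a component inventory.

Added example, not from the original post or any vendor product. The
inventory format, policy values and component names are all constructed.
The point is that the policy lives in data and the check runs in CI on
every build rather than waiting in an analyst's queue.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str  # "" when the inventory declares no license


@dataclass(frozen=True)
class Policy:
    allowed_licenses: Set[str]
    # name -> first acceptable version; anything older is denied.
    # Models a "fixed in X" line from an advisory (values are hypothetical).
    min_version: Dict[str, str]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.2.3' into (1, 2, 3); non-numeric fragments count as 0 (lenient, constructed rule)."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True when version a is older than b; shorter versions are zero-padded ('1.2' == '1.2.0')."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))


def parse_inventory(text: str) -> List[Component]:
    """Parse lines of the constructed form 'name==version; license'; '#' starts a comment."""
    comps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        spec, _, lic = line.partition(";")
        name, sep, version = spec.partition("==")
        if not sep or not name.strip() or not version.strip():
            raise ValueError(f"malformed inventory line: {raw!r}")
        comps.append(Component(name.strip(), version.strip(), lic.strip()))
    return comps


def evaluate(components: List[Component], policy: Policy) -> List[str]:
    """Return one human-readable violation per policy breach (empty list means compliant)."""
    violations = []
    for c in components:
        if not c.license:
            violations.append(f"{c.name}=={c.version}: no license declared")
        elif c.license not in policy.allowed_licenses:
            violations.append(f"{c.name}=={c.version}: license {c.license} not in allow-list")
        floor = policy.min_version.get(c.name)
        if floor and version_lt(c.version, floor):
            violations.append(f"{c.name}=={c.version}: below minimum acceptable version {floor}")
    return violations


def gate(inventory_text: str, policy: Policy) -> Tuple[bool, List[str]]:
    """CI entry point: (passed, violations)."""
    problems = evaluate(parse_inventory(inventory_text), policy)
    return (not problems, problems)


SAMPLE_POLICY = Policy(
    allowed_licenses={"Apache-2.0", "MIT", "BSD-3-Clause"},
    min_version={"example-lib": "1.4.0"},  # hypothetical "fixed in 1.4.0"
)

# Constructed inventory; every name and version here is made up.
SAMPLE_INVENTORY = """\
alpha-http==2.3.1; Apache-2.0
example-lib==1.2.0; MIT
beta-json==0.9.0; GPL-3.0-only
gamma-util==4.0.0;
"""

if __name__ == "__main__":
    ok, problems = gate(SAMPLE_INVENTORY, SAMPLE_POLICY)
    for p in problems:
        print("DENY", p)
    raise SystemExit(0 if ok else 1)
```

Run against the sample inventory, the gate denies three of the four components (an old `example-lib`, a license outside the allow-list, and a component with no declared license) and exits non-zero so the pipeline stops. In practice the inventory would come from the build’s own lockfile or SBOM and the version floors from an advisory feed, but the shape is the same: the policy is data, the decision is a function, and nobody has to read 240,000 components by hand.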
