How to reduce your organization's reliance on "bad" open source packages

Open source software is an amazing resource and it is nearly impossible for organizations to build applications without using open source. Our own surveys and those from other reputable sources have found that up to 98% of applications today contain open source.

However, not all open source packages are created equally, and it matters which ones you choose. Some packages are simply bad for enterprise use (perhaps they were developed as fun hobby projects); some have been abandoned; still others were carefully deprecated and end-of-lifed for very good reasons.

When you don’t have a continuous view of where end-of-lifed, abandoned, or insecure packages exist in your applications, your only defense is to scan for existing vulnerabilities and fix what you find.

Bad packages lead to more vulnerabilities—many of which are difficult to fix. This is slowing your application development team down, and creating additional invisible risk for your security team to manage. In this webinar, we help you uncover ways to reduce your organization’s reliance on bad open source packages and ensure the open source you use keeps getting better. This way, you can proactively reduce the chances of being impacted by a future vulnerability like the xz utils backdoor or Log4Shell:

We covered 4 critical ways organizations can quickly start reducing their reliance on bad packages:

• Evaluating packages before pulling them in for application development
• Actively monitoring the open source packages in use
• Identifying and eliminating potentially bad packages already adopted
• Reinforcing at-risk packages to keep them from becoming bad

When you watch this webinar, you’ll come away with new strategies your organization can use to improve the overall health and resilience of your open source software supply chain.