Red Hat
Tidelift
One of the biggest concerns with modern patch management is that we haven’t truly challenged our thinking around “patching everything” in 40 years. Yet available evidence shows that most vulnerabilities do not and will not ever see exploitation. In this conversation with Tidelift CEO and co-founder Donald Fischer, Red Hat VP of Product Security Vincent Danen will challenge some of the common perceptions about open source software security. By changing how we think about open source security from an exercise in creating “vulnerability-free” software (a compliance-driven exercise) to one where the purpose is minimizing the potential or severity of a breach (a risk-driven exercise), we may actually reduce our security costs and improve our outcomes at the same time.
One of the biggest concerns with modern patch management is that we haven’t truly challenged our thinking around “patching everything” in 40 years. Yet available evidence shows that most...
10 questions you should answer before using an open source project
When it comes to open source software security, many organizations rely heavily on software scanning (often called software composition analysis or SCA) as the primary means of defense.
The value of a proactive approach to open source application security
Learn how one large organization saved over $1.6M in manual package evaluation time and eliminated over 3,000 points of risk in applications running in production.
.png)
The guide to reducing security risk from bad open source packages
In this guide, we'll discuss how your organization can reduce risk by avoiding “bad” open source packages.