Black Duck CEO Warns About Vulnerabilities In Open Source

When it comes to educating employees about security, Burlington, Mass.-based Black Duck Software CEO Lou Shipley said developers are one of the most important groups on which to focus.

“You have to teach the developers, at the front end of the development process, choose the most secure open-source projects or any third-party projects,” said Shipley.

Shipley, who spoke on a panel at the MassTLC Security Conference this week, said open-source components are frequently and easily breached.

“If you want to know how to exploit open-source [projects], just go to YouTube and you’ll see how to do it. It’s that easy,” he said.

For that reason, Shipley said, “education starts at the front end of the development cycle.”

But it’s just not that simple.

“It creates sort of a friction point, because developers really want to get their software out fast,” Shipley said.