Okta and/or its affiliates. All rights reserved.

Managing Open Source Software Security in Your Organization
José Carlos Chávez, Security Software Engineer, Okta

José Carlos Chávez
Security Software Engineer - Okta
- Peruvian
- Open Source enthusiast
- OWASP Coraza WAF Co-leader
- Loving father of 2
- Mathematician in quarantine
jcchavezs

Open Source

Why do we use Open Source Software in the enterprise?
1. It is free and publicly available.
2. It is flexible and general purpose.
3. It is (usually) stable.
4. Fosters ingenuity, creativity and innovation.
5. In many cases, it comes with a built-in community that brings support and continuously improves the source code.
6. It has shared maintenance costs across active users.
7. It is the future.

Open Source in numbers

Software Supply Chain Statistics, 2023 (Sonatype, 9th Annual State of the Software Supply Chain)

| Ecosystem | Total projects | Total project versions | YoY download growth |
| --- | --- | --- | --- |
| Java (Maven) | 557K | 12.2M | 25% |
| JavaScript (npm) | 2.5M | 37M | 18% |
| Python | 475K | 4.8M | 31% |
| .NET (NuGet Gallery) | 367K | 6M | 43% |
| Totals/Averages | 3.9M | 60M | 33% |

- 96% of the total codebases contained open source
- 77% of all code in the total codebases originated from open source
(Synopsys OSSRA 2024)

[Figure: Published CVE Records per year, from cve.org]