The Burden of Liability Shifts to Software Manufacturers and Publishers
SolarWinds security breach (disclosed December 2020).
White House Executive Order 14028, "Improving the Nation's Cybersecurity" (May 2021), kickstarts numerous cybersecurity improvement initiatives, including new requirements for software supply chain security.
National Institute of Standards and Technology (NIST) publishes the Software Supply Chain Security Guidance required by EO 14028 and version 1.1 of the NIST Secure Software Development Framework (SSDF, SP 800-218) (February 2022).
U.S. Office of Management and Budget (OMB) issues Memorandum M-22-18 (September 2022), which makes the NIST SSDF mandatory for software used by federal government agencies: agencies must obtain attestations from their software vendors that the software was developed in accordance with the SSDF.
CircleCI security breach (disclosed January 2023).
White House publishes the National Cybersecurity Strategy (March 2023), emphasizing the need to improve open-source software security through adoption of the NIST SSDF practices. The strategy explicitly sets out to shift liability for insecure software products and services onto their manufacturers and publishers.
Threat actors target open-source ecosystems, and open-source security tooling alone cannot protect your organization.
Open-source software comes with inherent risk. If you work with sensitive data or in a highly regulated industry, consuming packages directly from public repositories such as PyPI or conda-forge can expose you to that risk: the volunteer maintainers who run these repositories do not vet packages for enterprise use, and they have cautioned users that the packages are published as-is and are not intended for business use without further review.
Policy controls are a necessity, but they are only your first line of defense.
Data breaches are becoming more common and more costly. Well-defined security policies and the controls that enforce them are your first line of defense against cyber threats. The open nature of public package repositories makes those controls complex and resource-intensive to implement and operate: you may find yourself assembling several bespoke tools to scan packages for vulnerabilities, control which artifacts reach your environments, and define and enforce policies across them.
The burden of liability is shifting to software manufacturers and publishers.
Cybersecurity frameworks, such as the one published by the U.S. National Institute of Standards and Technology (2023), emphasize the shared responsibility of all stakeholders in securing the digital ecosystem. They call for conducting risk assessments, implementing security measures, and reporting incidents. Non-compliance can lead to penalties and reputational damage, and, as the National Cybersecurity Strategy makes clear, the organizations that build and publish software are increasingly the ones expected to bear that cost.
Anaconda Can Help
Meet Our Open-Source Security Experts
Hassam is Anaconda's lead Senior Sales Engineer. With a deep background in open-source technologies and vendor applications in the enterprise data science space, Hassam helps commercial clients across all industries implement and adopt best practices for open-source governance and vulnerability management.
Fara is a Sales Engineer at Anaconda. With over 15 years of experience across technical and strategic roles, including Solution Architect, Sales Engineer, Implementation, and Project Management, Fara helps commercial clients securely leverage open-source tools.
Frank is Anaconda's Principal Solutions Architect. With a wealth of experience designing and implementing solutions for some of the world's largest financial institutions, Frank helps organizations leverage open-source software to execute high-value initiatives without compromising on security and governance.