October 21, 2021 By Stephen Nolan 2 min read

Cybersecurity incidents are among the greatest threats facing organizations today. In the wake of recent high-profile software supply chain attacks, the US Federal government has taken bold action to strengthen the country’s cyber resilience. On 12 May 2021, President Biden issued a widely anticipated Executive Order on Improving the Nation’s Cybersecurity, which calls for stringent new security guidelines for software sold to the federal government, and has wide-ranging implications that will ripple across the entire software market.

Despite the troubling frequency of malicious attacks, most organizations still have only a partial view of which components make up their software applications. That gap leaves them exposed to vulnerabilities in components they do not know they are running, and it hampers any response effort once an incident occurs.

Anaconda asked about open source security in our 2021 State of Data Science survey, and the results were surprising:

  • 87% of respondents said they use open source software in their organization.
  • 25% are not securing their open source pipeline.
  • 20% did not report any knowledge about open source package security.

We also found that in organizations that aren’t using open source software today, the most common barrier to entry is security concerns, including fear of common vulnerabilities and exposures (CVEs) and other potential exposures or risks. It’s no secret that open source software is key to accelerating the development of new business ideas, not only by saving time, but by allowing greater collaboration and bringing more minds to bear on some of the world’s toughest challenges. Because that code is written and maintained by third parties, however, these benefits come with exposure to risk. IT departments need solutions that support innovation but also provide the governance to limit the damage from any attack or exposure.

Providing security and trust in open source

CVE matching and remediation information enables an organization to build a secure supply chain tailored to their unique needs and policies. For example, one foundational cybersecurity practice is to consult CVE databases and scores regularly to guard against the risk of using vulnerable packages and binaries in applications. Anaconda Repository for IBM Cloud Pak® for Data automates this process by allowing IT security administrators to filter access to packages and files against a curated database of known vulnerabilities. This effort-saving feature frees developers and data science teams to focus on building models.

Collaborating to confront risks head-on

The Executive Order includes many additional steps to improve cybersecurity, such as providing a software bill of materials (SBOM), an inventory that tells software consumers exactly which components a product contains and therefore which published vulnerabilities may apply to it. These additional steps are essential for mitigating the many malicious cyber campaigns aimed at gathering critical information and disrupting operations across the nation. As society becomes ever more technologically driven, vulnerabilities are inevitable. However, a spirit of transparency and collaboration, combined with the right tools, will help enterprises guard against breaches of their systems, so they can continue to innovate and collaborate safely in the open source ecosystem.
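As an added illustration (not code from Anaconda, IBM, or the Executive Order), the following Python script shows the kind of policy gate described above: it reads a constructed CycloneDX-style SBOM, matches each component’s version against a constructed advisory feed, and blocks or allows the package according to a CVSS threshold and an administrator safelist, reporting the first fixed version as remediation. The advisory identifiers (ADV-0001 and so on), package names, versions and scores are all placeholders, and the version comparison is a simplified numeric one rather than full PEP 440 or conda version semantics.

```python
"""Policy gate for open-source packages: match the components listed in an
SBOM against a vulnerability feed, then block or allow each package by CVSS
score and an administrator safelist.  All data below is constructed for the
example; the advisory IDs are placeholders, not real CVEs."""
import json
import re

# Constructed advisory feed.  A curated vulnerability database exposes the same
# fields: package name, first affected version, first fixed version (None when
# no fix has shipped) and a CVSS base score.
ADVISORIES = [
    {"id": "ADV-0001", "package": "examplelib", "introduced": "1.0.0", "fixed": "1.4.2", "cvss": 9.8},
    {"id": "ADV-0002", "package": "examplelib", "introduced": "2.0.0", "fixed": "2.1.0", "cvss": 5.3},
    {"id": "ADV-0003", "package": "parsetool", "introduced": "0.1.0", "fixed": None, "cvss": 7.5},
]

# Admin-approved exceptions keyed on name@version, e.g. a finding that is
# mitigated by configuration in this deployment.
SAFELIST = {"parsetool@0.3.1"}

# Constructed CycloneDX-style SBOM for a small data-science environment.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "examplelib", "version": "1.3.0", "purl": "pkg:pypi/examplelib@1.3.0"},
        {"type": "library", "name": "examplelib", "version": "2.0.5", "purl": "pkg:pypi/examplelib@2.0.5"},
        {"type": "library", "name": "parsetool", "version": "0.3.1", "purl": "pkg:pypi/parsetool@0.3.1"},
        {"type": "library", "name": "parsetool", "version": "0.2.0", "purl": "pkg:pypi/parsetool@0.2.0"},
        {"type": "library", "name": "cleanlib", "version": "3.0.0", "purl": "pkg:pypi/cleanlib@3.0.0"},
    ],
})


def parse_version(v: str) -> tuple:
    """Numeric dotted versions only ("1.4.2" -> (1, 4, 2)); enough for the
    example.  Real ecosystems need PEP 440 / conda version semantics."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_affected(name: str, version: str, adv: dict) -> bool:
    """True when the half-open range [introduced, fixed) contains the version."""
    if name != adv["package"]:
        return False
    ver = parse_version(version)
    if ver < parse_version(adv["introduced"]):
        return False
    if adv["fixed"] is not None and ver >= parse_version(adv["fixed"]):
        return False
    return True


def evaluate_sbom(sbom_json: str, advisories=ADVISORIES, threshold: float = 7.0,
                  safelist=SAFELIST) -> list:
    """Return one decision per component: verdict, reason, matched advisories
    and the remediation a developer should apply."""
    decisions = []
    for comp in json.loads(sbom_json).get("components", []):
        name, version = comp["name"], comp["version"]
        key = f"{name}@{version}"
        hits = [a for a in advisories if is_affected(name, version, a)]
        worst = max((a["cvss"] for a in hits), default=0.0)
        # Highest fixed version among the matches is the upgrade target.
        fixes = sorted({a["fixed"] for a in hits if a["fixed"]}, key=parse_version)
        if key in safelist:
            verdict, reason = "allow", "safelisted by administrator"
        elif worst >= threshold:
            verdict, reason = "block", f"CVSS {worst} >= policy threshold {threshold}"
        elif hits:
            verdict, reason = "allow", f"CVSS {worst} below threshold; review advised"
        else:
            verdict, reason = "allow", "no known advisories"
        if fixes:
            remediation = f"upgrade to {fixes[-1]}"
        elif hits:
            remediation = "no fixed release yet"
        else:
            remediation = None
        decisions.append({
            "component": key,
            "verdict": verdict,
            "reason": reason,
            "advisories": [a["id"] for a in hits],
            "remediation": remediation,
        })
    return decisions


if __name__ == "__main__":
    for d in evaluate_sbom(SAMPLE_SBOM):
        print(f"{d['verdict']:5} {d['component']:20} {d['reason']}  "
              f"{d['advisories']}  {d['remediation'] or ''}")
```

Run it directly to print one line per component. The safelist is keyed on name@version so that an exception approved for one release does not silently carry over to the next, and a package with an unfixed high-severity advisory is blocked unless an administrator has explicitly recorded that exception.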

_____________________________________________________

Anaconda Repository for IBM Cloud Pak for Data helps organizations identify vulnerabilities and enables greater control over open source packages in use by allowing admins to block or safelist packages based on IT policies and CVE scores.

Watch this on-demand webinar to learn how you can secure open-source data science in the enterprise.

Learn more about Anaconda Repository for IBM Cloud Pak for Data.
