October 21, 2021 By Stephen Nolan 2 min read

Cybersecurity incidents are among the greatest threats facing organizations today. In the wake of recent high-profile software supply chain attacks, the US federal government has taken bold action to strengthen the country’s cyber resilience. On 12 May 2021, President Biden issued a widely anticipated Executive Order on Improving the Nation’s Cybersecurity, which calls for stringent new security guidelines for software sold to the federal government and has wide-ranging implications that will ripple across the entire software market.

Despite the troubling frequency of malicious attacks, most organizations still have only a partial view of the make-up of their software applications. This partial knowledge leaves them exposed to unknown software component vulnerabilities and hampers any response efforts.

Anaconda asked about open source security in our 2021 State of Data Science survey, and the results were surprising:

  • 87% of respondents said they use open source software in their organization.
  • 25% are not securing their open source pipeline.
  • 20% did not report any knowledge about open source package security.

We also found that in organizations that aren’t using open source software today, the most common barrier to entry is security concerns, including fear of common vulnerabilities and exposures (CVEs), potential exposures, or risks. It’s no secret that open source software is key to accelerating the development of new business ideas, not only by saving time but also by allowing greater collaboration and assembling more minds to solve some of the world’s toughest challenges. With the increased visibility and involvement from third parties, however, these benefits come with exposure to potential risk. IT departments need solutions that support innovation but also provide governance to mitigate the damage from any attack or exposure.

Providing security and trust in open source

CVE matching and remediation information enables an organization to build a secure supply chain tailored to its unique needs and policies. For example, one foundational cybersecurity practice is to consult CVE databases and scores regularly to guard against the risk of using vulnerable packages and binaries in applications. Anaconda Repository for IBM Cloud Pak® for Data automates this process by allowing IT security administrators to filter access to packages and files against a curated database of known vulnerabilities. This effort-saving feature frees developers and data science teams to focus on building models.

Collaborating to confront risks head-on

The Executive Order includes many additional steps to improve cybersecurity, such as providing a software bill of materials (SBOM) that enables potential software consumers to know exactly how something is developed. These additional steps are essential for mitigating the many malicious cyber campaigns aimed at gathering critical information and disrupting operations across the nation. As society continues to become more and more technologically driven, vulnerabilities are inevitable. However, a spirit of transparency and collaboration—when combined with the right tools—will help enterprises guard against potential breaches and hacks to their systems, so they can continue to innovate and safely collaborate in the open source ecosystem.

_____________________________________________________

Anaconda Repository for IBM Cloud Pak for Data helps organizations identify vulnerabilities and enables greater control over open source packages in use by allowing admins to block or safelist packages based on IT policies and CVE scores.

Watch this on-demand webinar to learn how you can secure open-source data science in the enterprise.

Learn more about Anaconda Repository for IBM Cloud Pak for Data.
