Application Security , DevSecOps , Events

Open Source Components: Safety Checks Required

Synopsys's Steve Giguere Talks Crowdsourcing, Code Quality, DevSecOps Challenges
Steve Giguere, Security Strategist, Synopsys

Open source software components may be free, but that doesn't automatically make them safe to use. "There can be risks involved ... with using open source," says Steve Giguere, a security strategist at Synopsys.

See Also: Accelerating defense missions with a global data mesh

Those risks are due in part to - and compounded by - organizations' time-to-market pressures and need to integrate new features as quickly as possible. As a result, "if there are vulnerabilities in that open source, they often become public vulnerabilities and it becomes a race against time as to whether your deployed application is vulnerable and how fast you can fix it."

In a video interview at the recent Infosecurity Europe conference in London, Giguere discusses:

  • Managing open source components;
  • How to put code reviews into practice;
  • Agile development, the rise of DevSecOps and the state of secure coding.

Giguere is a lead sales engineer at Synopsys, where he works tirelessly to encourage firms to build security into their software development lifecycle.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.