Cybersecurity Skills: security and open source

Enterprises rely heavily on open source software. By one estimate, all cloud computing projects use open source elements.

And open source is more than just the Linux operating system. The number of open source tools and applications is growing rapidly, especially for cloud native applications and web services.

But the use of open source raises security concerns. It’s not that open source is insecure. It is more that organisations lack a clear view of where they are using open source, whether the code is being maintained, and which systems depend on it.

That includes internal development, and the supply chain.

Then there is the issue of skills. Finding skilled people to develop and maintain open source is not easy. Finding people who understand open source and cloud native technologies, and security, is harder still.

All this makes open source security a hidden problem. And it is made worse by a lack of skills and training, especially for organisations that have, to date, relied on on-premises technology.

But, according to our guest for this episode, there is a baseline of security knowledge for open source. That knowledge is shared through organisations such as CNCF.

Nigel Douglas is head of developer relations at Cloudsmith, and was previously senior open source security architect at Sysdig.

He argues that there is a wider challenge facing enterprises that move from monolithic and on-premises technology to modern, cloud architectures. And security skills and training have to be part of that move.

This episode was recorded when Nigel Douglas was at Sysdig.