Data Sheet: Securing Your Open Source Supply Chain
With more than 80% of application code being open source, and with dozens of new open source vulnerabilities being published each day, maintaining application security has never been more difficult. Here’s how you can better manage, secure and de-risk your Python, Perl and Tcl open source supply chains.
As enterprises have increased their reliance on open source software, open source supply chains have become more complex, and now feature:
- Millions of open source packages
- Thousands of new releases weekly
- Tens of vulnerabilities discovered daily
With more than 80% of application code being open source, maintaining application security has never been more difficult. The ActiveState Platform’s continuously updated service can help you better manage, secure and de-risk your Python, Perl and Tcl open source supply chains.
Complexity Increases Risk
Application security starts with a secure open source language environment, which means:
- Building all required open source components from source code rather than just installing pre-compiled binaries that may contain malicious code.
- Investigating reports of Common Vulnerabilities and Exposures (CVEs), as well as other issues in your environment as soon as they occur.
- Rebuilding the environment whenever a patch or new version is released that fixes a significant CVE or bug.
But if your developers are busy building, investigating or rebuilding their development environments, they’re not coding, which risks delaying time to market.
Automated, Continuous Updates
That’s where the ActiveState Platform comes in: it eliminates much of the complexity of building (and rebuilding) open source language environments from secure source code by automating everything from vulnerability remediation to dependency resolution to compiling linked C/Fortran libraries to packaging the environment for a target operating system.
The result is not only a more secure Python, Perl or Tcl environment, but also:
- Faster time to market, as developers spend more time coding and less time managing their development environment.
- Faster time to remediation of vulnerabilities, because you can see at a glance which dependencies are vulnerable, select an unaffected version, and automatically rebuild a secure environment.
- Increased customer satisfaction, since nobody likes using a buggy application.
Speed VS Security? No More.
Traditionally, enterprises sacrificed security in order to beat competitors to market, or else focused on security at the expense of missing market opportunities. By taking advantage of the ActiveState Platform’s automated capabilities, you can ship faster without compromising your code base.
The ActiveState Platform Provides:
- Application Security
Environments contain just the code required to run your application, reducing the number of potential vulnerabilities and shrinking the attack surface. - Regular Updates
our catalog of open source components is regularly refreshed from community sources, ensuring vulnerability fixes are available in a timely manner. - Vulnerability Status
be able to identify the number and severity of vulnerabilities in your Python or Perl environments at a glance - Vulnerability Remediation
find, fix and automatically rebuild vulnerable Python, Perl and Tcl environments, reducing Mean Time To Resolution (MTTR). - Provenance
Python, Perl and Tcl Environments built from source code help ensure security before you start building your applications.
Enterprise Customers Can Also Benefit From:
- Managed Environments
take advantage of a managed service that implements updates on a quarterly basis for you. - CVE Reports
email-able reports listing CVE criticality by Environment, so you can get the information in the hands of those that need it quicker. - Extended Support
if you’ve deployed applications built with Python 2 or older versions of Perl, ActiveState can provide you with fixes to vulnerabilities, ensuring you can continue to safely run your applications.
At ActiveState, we use our Platform to build not only our popular open source language distributions, but also custom environments for our enterprise clients (i.e. language builds containing just the packages their application requires). All environments created with the ActiveState Platform are built from source, assessed for CVEs, and can be updated in a timely manner.
Coders can use the Platform for free to build a Python, Perl, or Tcl environment for their project. Enterprise decision-makers can use this Data Sheet to help assess the risks in your supply chain.
To help you get started, we’ll scan your Python, Perl or Tcl application, and provide a risk assessment report. Reach out to our Enterprise Solutions Team for a free scan today!
For more information on team tier or enterprise pricing for our Platform, refer to our Platform Pricing or else contact Sales.
Related Resources
- [Data Sheet] ActivePython for Machine Learning: Transform Data Into Knowledge
- [Blog] TensorFlow Optimization Showdown: ActiveState vs. Anaconda
- [Blog] The Developer's Guide: Open Source Software License Comparison
- [Infographic] Understand Your Open Source Software Licenses
- [White Paper] How To Mitigate Open Source License Risks
- ActiveState Plans & Pricing