InfoSec Use of Compliance Tools for Open Source Software

Even when OSS compliance occurs, infosec rarely gets automated access to the data.

Stop asking about how to integrate security into the development pipeline and start talking about how open source compliance is utilized by information security professionals.

Security professionals are dissatisfied with how legacy application security software has been utilized by developers. They think if their tools were easier to integrate and more accurate, then developers would be more likely to adopt them, according to WhiteSource Software’s recent survey, which compared answers from over 220 security professionals with those from over 280 software developers, architects and DevOps practitioners.

But ease of integration may not be what is holding developers back. While 48% of the security respondents thought ease of integration is the most important feature for developers adopting a specific AppSec tool, only 22% of developers thought likewise. The discrepancy arises because a lot of developers don’t think any additional feature would make them more likely to use a tool built for a security pro.

The complete article can be found here.