Even when OSS compliance occurs, infosec rarely gets automated access to data

InfoSec Use of Compliance Tools for Open Source Software

In our recent “Open Source in the Enterprise” survey, of the 500 respondents’ organizations utilizing an open source compliance tool or methodology, 29% affirmatively agreed that the Information Security function accesses data from the automated tools used for open source compliance. Another 37% answered “Don’t know,” indicating a dramatic lack of visibility between groups involved in the so-called DevSecOps ecosystem.

Types of breach protection projects that will be focused on in 2020

Don’t Forget Viruses, the Computer Kind

While the anti-virus market is passé and mature, security vendors continue to monitor for new threats and have embraced a broader category, endpoint detection and response (EDR), that combines elements of anti-malware with newer tools that provide real-time anomaly detection, forensic analysis and remediation capabilities. Unsurprisingly, EDR is poised for rapid growth.