SolarWinds security breach
Open-Source Software Risks are Increasing
If your organization uses open-source software, Python, and R, your supply chain may be at risk.
Anaconda is the only provider with a trusted source for open-source packages, tokenized access for users, software bill of materials, and vulnerability curation. Let our security experts help you identify your unique risk areas and provide customized next steps to enhance the security of your open-source software supply chain.
The Burden of Liability Shifts to Software Manufacturers and Publishers
Sept 2019
May 2021
White House Executive Order 14028 kickstarts numerous cybersecurity improvement initiatives.
Feb 2022
National Institute of Standards and Technology (NIST) publishes the NIST Software Supply Chain Security Guidance and the NIST Secure Software Development Framework (SSDF).
Sept 2022
U. S. Office of management and budget introduces memorandumm-22-18, which formalizes the NIST framework as mandatory for secure software development infederal government agencies and their software vendors.
Jan 2023
Circle Cl security breach.
Mar 2023
White House publishes the National Cybersecurity Strategy, emphasizing the need to improve open-source software security through the implementation of NIST SSDF guidelines. The strategy assigns responsibility for insecure software to manufacturers and software publishers.
Threat actors target open sources, and open-source security solutions cannot protect your organization.
Open-source software comes with inherent vulnerabilities. If you work with sensitive data or in a highly regulated industry, you may expose potential risks when using platforms like PyPI or Conda-forge, and these responsible open-source software maintainers have cautioned makers that these packages are not for business use.
Policy controls are a necessity, and they are only your first line of defense.
Data breaches are becoming more common and costly. Strategic security policies and controls are your first line of defense against cyber threats. The open nature of these platforms can make these measures complex and resource-intensive. You may find you need to assemble multiple bespoke solutions to scan, control artifacts, and build policies.
The burden of liability is shifting to software manufacturers and publishers.
Cybersecurity frameworks, like the one created by the U.S. National Institute of Standards and Technology (2023), emphasize the shared responsibility of all stakeholders in securing the digital ecosystem. They recommend conducting risk assessments, implementing security measures, and reporting incidents. Non-compliance can lead to penalties and reputational damage.
Anaconda Can Help
Meet Our Open-Source Security Experts
Hassam Mian
Hassam is Anaconda’s lead Senior Sales Engineer. With a deep background in open-source technologies and vendor applications in the enterprise data science space, Hassam helps commercial clients across all industries implement and adopt best practices for open-source governance and vulnerability management.
Fara Manjili
Fara is a Sales Engineer at Anaconda. With over 15 years of experience across technical and strategic roles including Solution Architect, Sales Engineer, Implementation, and Project Management, Fara helps commercial clients securely leverage open-source tools.
Frank Yang
Frank is Anaconda’s Principal Solutions Architect. With a wealth of experience designing and implementing solutions for some of the world’s largest financial institutions, Frank helps organizations leverage open-source software to execute high-value initiatives without compromising on security and governance.