
How do I deploy secure open source code for cloud?

Open source code can bring flexibility and agility to a cloud environment. But are there any quick ways to make sure it's secure?

Today, most app developers incorporate code from open source development projects as a way to reduce development time and improve overall code quality. This code can be part of an actual cloud suite, such as OpenStack, or support tools, ranging from compilers to storage managers and a variety of app modules.

But using the hundreds of available code repositories as sources -- while trying to pick the most appropriate open source code -- is a complex task that may open the door for malware. Beyond the risk of hacked code lies the question of code quality. To ensure you're using reliable and secure open source code, confirm that the code is well designed and documented, and that it was tested rigorously for wide use.

The consensus of other users is often the best first guide on code quality issues. The open source community is pretty vocal on issues, and will warn you away from poor code. OpenStack code, for example, is highly scrutinized and tightly controlled; any issues surface quickly because of the large developer and user community surrounding it. Other resources for discovering code quality issues are the Programmers Stack Exchange or Stack Overflow.


With malware, however, it's different. Sometimes a problem can lie dormant or undetected for a long time. Ruby on Rails, a popular open source framework, had undetected vulnerabilities going back six years, for example.

To make sure you deploy secure open source code, look under the hood. Use the most recognized and trusted repositories -- such as GitHub and OpenStack's Image Service -- as a source. There are also app stores where signed code from trusted vendors is available, with the ability to check signatures for the lifetime of the code.

Next, look for code that's commonly used and avoid the inclination to try other code simply because it's different. "Common use" means many testers have run that piece of code and it's likely to work to specification.


None of this would have caught the Ruby on Rails issues, though. Track the Open Web Application Security Project's list of application vulnerabilities for early news of issues with commonly used open source code.

Version management is also important to ensure secure open source code. Don't deploy a new code version into your cloud unless there is a consensus that it's safe. At the same time, make sure to update versions together, so that every component has the fix for known security bugs. A version manager will be useful for this.
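A worked example of the version check described above, added here and not part of the original article: it compares pinned dependency versions against a small advisory list and flags any pin that falls below the version in which a bug was fixed. The package names, version ranges and manifest are constructed assumptions for illustration, not real advisory data.

```python
"""Check pinned open source dependencies against an advisory list.

Added example; the advisory table and manifest below are constructed,
not real advisory data. A production check would pull advisories from
the projects' own security feeds.
"""
from typing import Dict, List, Tuple

# Constructed advisory table: package -> list of (affected_min, fixed_in).
# A version v is affected when affected_min <= v < fixed_in.
ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "rails": [("3.0.0", "3.2.11"), ("4.0.0", "4.0.2")],
    "nokogiri": [("1.5.0", "1.5.6")],
}

# Constructed manifest in the "name==version" form of a requirements file.
MANIFEST = """\
rails==3.2.8
nokogiri==1.5.9
# sinatra is pinned but has no advisory entry
sinatra==1.4.5
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.2.11' into (3, 2, 11) so versions compare numerically,
    not as strings ('3.2.9' must sort below '3.2.11')."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_manifest(manifest: str) -> Dict[str, str]:
    """Read 'name==version' lines; blank lines and comments are skipped."""
    pinned: Dict[str, str] = {}
    for line in manifest.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, version = line.split("==", 1)
        pinned[name.strip().lower()] = version.strip()
    return pinned


def find_vulnerable(manifest: str) -> List[Tuple[str, str, str]]:
    """Return (package, pinned_version, fixed_in) for every pin that falls
    inside an advisory's affected range; an empty list means all clear."""
    findings: List[Tuple[str, str, str]] = []
    for name, version in parse_manifest(manifest).items():
        v = parse_version(version)
        for affected_min, fixed_in in ADVISORIES.get(name, []):
            if parse_version(affected_min) <= v < parse_version(fixed_in):
                findings.append((name, version, fixed_in))
    return findings


if __name__ == "__main__":
    for name, version, fixed_in in find_vulnerable(MANIFEST):
        print(f"{name} {version} is affected; upgrade to >= {fixed_in}")
```

Running it reports only the rails pin, since nokogiri 1.5.9 is already past the fixed version and sinatra has no advisory entry.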

Open source code use has come a long way in the last few years, and is a mainstay of development today. It can help development teams implement new cloud apps more quickly, and be as safe as in-house code -- with the right amount of care.


This was last published in August 2016
