Case Studies

Northern Safety Case Study

The Challenge: Secure Coding Across All Projects

The decision to adopt an open source vulnerability management platform came in no small part from the company's goal of becoming PCI-DSS compliant. As an online seller that processes payments online, the company's management took the position that protecting their customers' private information was important to them. To this end, they needed to implement a vulnerability management program covering both their proprietary code and their open source components, with minimal time consumption for their team.

"Our documentation said to check for updates for their open source components once a quarter, and I kind of say this sarcastically," says Northern Safety & Industrial's Applications Development Manager Jeremy Bailey, explaining that even though the policy was only intended to cover the major projects that make up their code, he adds that "even that wasn't realistic." According to his math, taking the time to manually check up on all of the projects that his team was working on, including all of the plugins (30 or so by Bailey's count), JavaScript code, and other bits and pieces in those projects, was simply outside of his team's capacity. Add on top of this the time and effort needed to sort through the information on each component and find the right updates, and the task of keeping up with where they should be becomes near impossible.

Bailey says that Northern Safety & Industrial makes a point of working according to best practices. He cites how seriously his team takes the OWASP Top 10 warning against using components with known vulnerabilities, noting the importance of "understanding which libraries you're using and knowing if there are any security vulnerabilities."

Simply put, what Bailey and Northern Safety & Industrial needed was a tool that would automatically detect vulnerable open source components and help them remediate quickly, leaving them free to focus on development.
"I was able to bring [WhiteSource] to my boss as an ROI and told him, 'Look, this pays for itself.'"

Case Study | Northern Safety & Industrial
