Linux Polska has achieved an important milestone in the project to create an innovative open source software risk analysis system. This system will provide enterprises with an invaluable tool that enables thorough assessments of the security and stability levels of open source software used in IT ecosystems, in accordance with Polish cybersecurity regulations. The project is co-financed by the European Regional Development Fund under the Smart Growth Operational Program.
Open source software is an increasingly common component of IT environments. However, the growing complexity of applications makes it difficult to obtain information about the validity and security of individual components. This poses a potential threat to an organization's security, because software over which it does not have full control may be used unknowingly in critical applications.
The risk analysis system designed by Linux Polska is the answer to these challenges. It supports risk estimation by obtaining information about the origin of components, their current versions, or the activity of the projects producing them. As a consequence, it enables a long-term and thorough assessment of the security level and stability of open source software, as well as effective management of the technological risk related to its use in IT ecosystems.
The utility will be connected to a website where proven and safe open source software packages of known origin can be downloaded. This will allow users to use this type of software consciously and to easily obtain information about the risks associated with its use.
Linux Polska has prepared a risk analysis model for software packages originating in open source projects, which utilizes the CVSS (Common Vulnerability Scoring System) approach. Thanks to this, users of open source software will be able to identify potential gaps and vulnerabilities, which allows them to gain a complete picture of the situation and, as a result, effectively defend against cyber threats. The prototype is currently in testing.
The next step is to fully integrate the risk assessment solution with the website that provides the open source software to users.
It is also worth noting that the solution is adapted to the Polish market and regulations, such as the National Cybersecurity Standards (NSC).
About the project:
The project “System of risk analysis in software packages from open source projects” is co-financed by the European Regional Development Fund under the Smart Growth Operational Program. The aim of the project is to design and create a prototype system for the production and distribution of software from open source projects, while meeting the security and risk management requirements of critical systems. Learn more about this project.