Linux Polska is designing and building an innovative system for the comprehensive analysis of risk related to the use of open source software and the assessment of its susceptibility to cyberattacks, in accordance with national regulations on the security of IT systems. The solution will help organizations that use open source software in their business processes to meet security requirements and manage risk appropriately. As a result, it will allow for a better assessment of software security and of the stability of its use in the IT ecosystem, and will help ensure the continuity of operation of critical systems. The project is co-financed by the European Regional Development Fund under the Smart Growth Operational Programme.
Open source software is gaining popularity and is increasingly used in business, as research confirms. The 2022 State of Open Source report shows that 77% of respondents reported an increase, and 36% a significant increase, in the use of open source software in their organizations over the past year [1]. In Poland, open source software has been recorded in use over 600,000 times [2]. At the same time, the growing risk of cyberattacks is pushing IT managers to deepen the security analysis of the software they use and to manage it better. According to IDC, spending on IT security in Europe will increase in response to the growing threat of cyberattacks [3].
"Nowadays, open source software has become essential for creating innovations and security strategies. Due to the continuous development and growing popularity of software developed in the community model, the security and quality of its code is becoming crucial. The development process of open source software may involve certain risks, such as attacks on suppliers and tooling, hostile takeover of projects or inappropriate actions of contributors. That is why Linux Polska is working on an innovative risk analysis system for open source software, to allow customers to obtain reliable information on the security level of projects and to aid them in choosing and using safe software packages. Our mission is to improve the adoption of open source software and to reduce the cost and risk of using it for our customers. We believe that this solution will bring significant value, increasing the stability and availability of systems based on open source in areas key to the functioning of the state, such as public administration, telecommunications, banking, energy and health care," says Tomasz Dziedzic, Chief Technology Officer at Linux Polska.
The system being designed by Linux Polska, in addition to standard vulnerability assessment, also takes into account other important risk factors, such as software composition analysis and threats specific to open source software that arise from the way it is produced, developed and maintained. The system will analyze individual elements and the interdependencies between them, including the dependencies between the software and its components (e.g. libraries). The result of the analysis will be a single cumulative indicator of the risk.
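To make the idea of a cumulative indicator over a dependency graph concrete, the following is an added illustration, not Linux Polska's model or code and not a description of how their system scores anything. It assumes a constructed component inventory with three per-component signals (highest unfixed CVSS score, days since last release, number of maintainers), fixed weights chosen for the illustration only, and a noisy-OR aggregation over the root and all of its transitive dependencies, so that one bad transitive dependency is not averaged away by many healthy ones. It also handles two edge cases a real inventory produces: dependency cycles and dependencies that cannot be resolved to any known component.

```python
"""Illustrative cumulative risk over a dependency graph (added example).

Everything here is constructed for illustration: the signals, the weights
and the sample inventory are assumptions, not Linux Polska's risk model.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Component:
    name: str
    max_cvss: float            # highest CVSS base score among known, unfixed vulns (0 if none)
    days_since_release: int    # staleness signal
    maintainers: int           # bus-factor signal
    deps: List[str] = field(default_factory=list)  # direct dependencies by name


def component_risk(c: Component) -> float:
    """Intrinsic risk in [0, 1] from the component's own signals.

    Weights (0.6 / 0.25 / 0.15) are an assumption for this illustration.
    """
    vuln = min(c.max_cvss / 10.0, 1.0)
    staleness = min(c.days_since_release / 730.0, 1.0)   # saturates at two years
    bus_factor = 1.0 if c.maintainers <= 1 else (0.5 if c.maintainers == 2 else 0.0)
    return 0.6 * vuln + 0.25 * staleness + 0.15 * bus_factor


def reachable(root: str, graph: Dict[str, Component]) -> List[Component]:
    """Return the root and every transitive dependency, each once.

    A visited set makes this cycle-safe. A dependency name that is not in the
    inventory raises KeyError so the caller can decide how to treat it.
    """
    seen, order, stack = set(), [], [root]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        comp = graph[name]          # KeyError: unresolved dependency
        order.append(comp)
        stack.extend(comp.deps)
    return order


def cumulative_risk(root: str, graph: Dict[str, Component]) -> float:
    """Noisy-OR of the root's risk with all transitive dependencies' risk.

    1 - prod(1 - r_i): a single high-risk transitive dependency dominates.
    An unresolvable dependency means no data, so it is treated as maximal risk.
    """
    try:
        comps = reachable(root, graph)
    except KeyError:
        return 1.0
    survival = 1.0
    for c in comps:
        survival *= 1.0 - component_risk(c)
    return 1.0 - survival


def risk_drivers(root: str, graph: Dict[str, Component], top: int = 3) -> List[Tuple[str, float]]:
    """The components contributing most to the root's cumulative risk."""
    scored = [(c.name, round(component_risk(c), 3)) for c in reachable(root, graph)]
    return sorted(scored, key=lambda t: -t[1])[:top]


# Constructed inventory: an application, a web framework, a stale single-maintainer
# HTTP parser with a critical unfixed vulnerability, and a healthy JSON library.
INVENTORY: Dict[str, Component] = {
    "app":        Component("app", 0.0, 30, 5, ["webfw", "jsonlib"]),
    "webfw":      Component("webfw", 0.0, 60, 4, ["httpparser"]),
    "httpparser": Component("httpparser", 9.8, 900, 1, []),
    "jsonlib":    Component("jsonlib", 0.0, 120, 3, []),
}

if __name__ == "__main__":
    print("app cumulative risk:", round(cumulative_risk("app", INVENTORY), 3))
    print("top drivers:", risk_drivers("app", INVENTORY))
```

The point of the noisy-OR choice is visible in the sample: `app` itself scores near zero, yet its cumulative indicator is above 0.98 because of `httpparser` two levels down, and `risk_drivers` names that component so the finding is actionable rather than a bare number.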
Additionally, the risk assessment model will examine the software's compliance with Polish cybersecurity guidelines such as the National Cybersecurity Standards (NSC).
Such a broad approach, drawing on additional sources of information that are crucial for risk management, gives a comprehensive overview of the potential threats involved in using open source software. It allows for a deeper and better-informed evaluation of its security and of the stability of its use in an IT ecosystem.
As part of this initiative, Linux Polska is also announcing a software distribution module from which users will be able to download verified open source packages originating in community projects, accompanied by current risk data.
The intended recipients of the project are mostly entities operating in the financial, telecommunications and public administration sectors that use open source software in their business processes and need tools to manage the associated risk effectively.
The project, titled "Risk analysis system of the software packages originating in the open source projects", is co-financed by the European Regional Development Fund as part of the Smart Growth Operational Programme. The goal of the project is to design and build a prototype of a production and distribution system for software originating in open source projects that meets the security and risk management requirements of critical systems.
The work will be carried out in two phases, each lasting six months. In the first phase a risk assessment model will be prepared; in the second, a prototype of the risk analysis solution integrated with the software distribution platform.
Sources:
1. The 2022 State of Open Source Report
2. BuiltWith, Open Source Usage Distribution in Poland
3. IDC, Worldwide Security Spending Guide