How Temenos Manages Open Source Use, the Easy Way
Martin Bailey, Product Director – Enterprise Software, Temenos Group AG
Rami Sass is CEO and Co-Founder of WhiteSource
Agenda and Logistics
Temenos
Effortless management of open source components
WhiteSource Demo
Q&A
Please type questions in the control bar
Full answers will be sent by email
Innovation led
World’s leading banking software company
World class delivery
No.1 2000+ installations in 150+ countries
469m USD revenues in 2014
4,000+ employees in 72 international offices
135 go lives in 2014
Strength and depth: 1,000+ consultants, 100 concurrent projects
Community of 2,000+ certified partner consultants
Highest level of R&D in the industry to drive innovation
Regular software upgrade strategy
Passion for standards and openness
Temenos – a global market leader
Powerhouse in financial software
38 of top 50 banks use Temenos
US$115m in annual R&D
US$5 trillion in assets processed through Temenos software
500 million customers rely on Temenos for daily banking needs
Nice to meet you
Martin Bailey
Product Director – Enterprise Software at Temenos
• Leads team of product groups and architects
• In charge of the technology that is the basis for all of Temenos’ solutions
Looking for the Right Solution
The manual option: error prone and time consuming
Looked for an open source management solution that:
• Provides an always up-to-date open source report
• Offers full licenses, compliance, security alerts and version information
• Enables continuous vetting of open source components as they are added
• Easy to use
• Saves time
• Low cost of ownership
Open source inventory and vetting
Before:
• Error prone
• Time consuming
After:
• WhiteSource automatically discovers all open source components, including dependencies
• Always up-to-date inventory on hand
• Report is a button click away
License Compliance
Before:
• No way of vetting open source components before they are used
• If a forbidden license is discovered, development time is wasted
After:
• A policy was set in the WhiteSource system with a black list of forbidden licenses and a white list of permitted licenses
• Based on lists, open source components are vetted as they are added by developers (during the build)
Security Vulnerabilities and New Versions
Before:
• Occasional manual search for security vulnerabilities
After:
• WhiteSource alerts on security vulnerabilities, fixes and new versions for all components used
The WhiteSource Implementation
Install plugin < 1 hour
Set up policy – 30 minutes
--------------------------------------
< 90 minutes start to finish
Reward: open source serenity
• Up-to-date accurate report, on hand at all times
• License compliance issues in check
• Open source vulnerabilities and new version alerts
Open source is great ...
If used right, open source components substantially boost developers' productivity
Focus on core capabilities
Rely on true and tested code
According to Gartner, 85% of commercial software vendors rely heavily on open source to boost productivity and remain competitive*
*Source: Gartner User Survey Analysis: Open-Source Software, Worldwide
But, if Improperly Managed…
License Risks and Compliance Issues
Security Vulnerabilities, Quality risks and compliance Issues
Eat into the value of open source, and bring substantial legal, technical, and business risks
License Risks and Compliance
Difficult to properly track all open source and comply with their licenses
Large gaps between reported and actual*
Difficult to identify all dependencies, which may have different licenses (64%)*
Difficult to enforce licensing policy*
*WhiteSource data
Open source is free, but comes with a license. Non-compliance results in legal, security, and business risks.
Security Vulnerabilities
Defects and vulnerabilities exist in open source as in any software
70% of apps include vulnerabilities*
Defect rate in open source is similar to other applications*
Everyone tests their own code.
But testing open source is “out of process” for most developers. When a vulnerability is detected, they will never know, nor update to fix it.
24% of commercial software includes vulnerable open source libraries**
85% of projects have outdated open source libraries**
Sources: *Coverity, Veracode, **WhiteSource
If your product contains vulnerable open source libraries, your product is vulnerable. Period.
License Risks And Compliance
• Automatically detect and document open source inventory
• Automatically identify all licenses, including dependencies
• Automate enforcement of organizational license policy
• Automate documentation during version release
Security and Quality
• Proactive alerts on security vulnerabilities that affect you
• Proactive alerts on fixes and new versions
• Detect libraries that you no longer use
Automatic. Easy. Agile. Integral part of your development lifecycle
Wide range of OOTB plugins to leading build tools
Send signatures of libraries (not the code!) to WhiteSource
Entire open source content is discovered and categorized
Open source policy can be enforced (including stop build)
Take developers out of the loop
Saves time. Lets developers focus on their work.
Increase precision and timeliness. Reduce errors.
Thank You!
Our website: www.whitesourcesoftware.com