How Temenos manages open source use, the easy way combined

How Temenos Manages Open Source Use, the Easy Way

Martin Bailey, Product Director – Enterprise Software, Temenos Group AG

Rami Sass is CEO and Co-Founder of WhiteSource


Agenda and Logistics

Temenos

Effortless management of open source components

WhiteSource Demo

Q&A

Please type questions in the control bar

Full answers will be sent by email

Martin Bailey

How Open Source Management Became Effortless

IEEE Webinar


Innovation led

World’s leading banking software company

World class delivery

No.1 2000+ installations in 150+ countries

469m USD revenues in 2014

4,000+ employees in 72 international offices

135 go lives in 2014

Strength and depth: 1,000+ consultants, 100 concurrent projects

Community of 2,000+ certified partner consultants

Highest level of R&D in the industry to drive innovation

Regular software upgrade strategy

Passion for standards and openness

Temenos – a global market leader


Powerhouse in financial software

500 million customers rely on Temenos for daily banking needs

US$115m in annual R&D

38 of top 50 banks use Temenos

US$5 trillion in assets processed through Temenos software


Nice to meet you

Martin Bailey
Product Director – Enterprise Software at Temenos

• Leads team of product groups and architects
• In charge of the technology that is the basis for all of Temenos’ solutions


Looking for the Right Solution

The manual option: error prone and time consuming

Looked for an open source management solution that:
• Provides an always up-to-date open source report
• Offers full licenses, compliance, security alerts and version information
• Enables continuous vetting of open source components as they are added
• Easy to use
• Saves time
• Low cost of ownership


Open source inventory and vetting

Before:
• Error prone
• Time consuming

After:
• WhiteSource automatically discovers all open source components, including dependencies
• Always up-to-date inventory on hand
• Report is a button click away


License Compliance

Before:
• No way of vetting open source components before they are used
• If a forbidden license is discovered, development time is wasted

After:
• A policy was set in the WhiteSource system with a black list of forbidden licenses and a white list of permitted licenses
• Based on lists, open source components are vetted as they are added by developers (during the build)


Security Vulnerabilities and New Versions

Before:
• Occasional manual search for security vulnerabilities

After:
• WhiteSource alerts on security vulnerabilities, fixes and new versions for all components used


The WhiteSource Implementation

Install plugin < 1 hour

Set up policy – 30 minutes

--------------------------------------

< 90 minutes start to finish

Reward: open source serenity
• Up-to-date accurate report, on hand at all times
• License compliance issues in check
• Open source vulnerabilities and new version alerts

Open Source License and Security Management

Practice Safe Open Source

Open source is great ...

If used right, open source components substantially boost developers' productivity

Focus on core capabilities

Rely on true and tested code

According to Gartner, 85% of commercial software vendors rely heavily on open source to boost productivity and remain competitive*

*Source: Gartner User Survey Analysis: Open-Source Software, Worldwide

But, if Improperly Managed…

License Risks and Compliance Issues

Security Vulnerabilities, Quality risks and compliance Issues

Eat into the value of open source, and bring substantial legal, technical, and business risks

License Risks and Compliance

Difficult to properly track all open source and comply with their licenses

Large gaps between reported and actual*

Difficult to identify all dependencies, which may have different licenses (64%)*

Difficult to enforce licensing policy*

*WhiteSource data

Open source is free, but comes with a license. Noncompliance results in legal, security, and business risks.

Security Vulnerabilities

Defects and vulnerabilities exist in open source as in any software

70% of apps include vulnerabilities*

Defect rate in open source is similar to other applications*

Everyone tests their own code.

But testing open source is “out of process” for most developers. When a vulnerability is detected, they will never know, nor update to fix it

24% of commercial software includes vulnerable open source libraries**

85% of projects have outdated open source libraries**

Sources: *Coverity, Veracode, **WhiteSource

If your product contains vulnerable open source libraries, your product is vulnerable. Period.

WhiteSource Makes It Whole Again

Automated

Agile

Easy-to-use

Affordable

License Risks And Compliance

Automatically detect and document open source inventory

Automatically identify all licenses, including dependencies

Automate enforcement of organizational license policy

Automate documentation during version release

Security and Quality

Proactive alerts on security vulnerabilities that affect you

Proactive alerts on fixes and new versions

Detect libraries that you no longer use

Automatic. Easy. Agile. Integral part of your development lifecycle

Wide range of OOTB plugins to leading build tools

Send signatures of libraries (not the code!) to WhiteSource

Entire open source content is discovered and categorized

Open source policy can be enforced (including stop build)

Take developers out of the loop

Saves time. Lets developers focus on their work.

Increase precision and timeliness. Reduce errors.

One Word:

Effortless

Demo

Thank You!

Our website: www.whitesourcesoftware.com