Flexera, the company that’s reimagining how software is bought, sold, managed and secured, today announced an unprecedented open source security offer for InstallShield owners, in celebration of its 30th anniversary. InstallShield is the industry standard for development teams creating Windows desktop, server and cloud installers on more than 500 million devices. It has consistently set the global standard for automated Microsoft Windows software installation solutions since 1987, and continues to drive reliability for software suppliers and buyers.
To help celebrate its 30th Anniversary, users who are current on InstallShield Maintenance can now subscribe at no charge to FlexNet Code Aware, Flexera’s leading, automated open source risk assessment and package discovery solution. FlexNet Code Aware allows software developers to quickly scan their products for security and Intellectual Property (IP) compliance risks – before products ship.
“It’s critical that engineers are aware of open source security and compliance risks, and embed better processes into their installation builds to minimize those risks. Failing to do this has serious consequences, evidenced all too well in the recent Apache Struts 2 related data breach that put 143 million Equifax consumers’ personal data at risk,” said Jeff Luszcz, Vice President of Product Management at Flexera. “InstallShield is the only installation development solution in the world empowering developers to automatically check for open source security and compliance risk as part of the build process, setting the foundation for a vulnerability-free build while also ensuring a smooth, error-free installation. By running a quick scan in the daily build, InstallShield becomes the first line of defense against Open Source Software (OSS) vulnerabilities such as Apache Struts.”
FlexNet Code Aware, integrated in InstallShield, allows software developers to embed open source security into the very heart of the software development process, with automatic open source analysis detection. Today’s offer providing a free FlexNet Code Aware subscription to all InstallShield users will empower more than 100,000 developers already using InstallShield to secure the software supply chain, reducing their products’ exposure to open source vulnerabilities and license compliance risk.
Why Open Source Security Scans Are Important
The use of open source components in software development is skyrocketing. A decade ago, developers were using less than 100 open source libraries per release. Today, some industries are using more than 1,000. In addition, developers are often not aware of the risks contained in the open source code they use.
Over 50 percent of a software product is open source – developed outside the organization. According to Flexera’s recent Open Source Risk – Fact or Fiction? report:
• No OSS Policy is Bad Policy: Only 37 percent of respondents have an open source acquisition or usage policy.
• 63 percent say either their companies don’t have an open source acquisition or usage policy, or they don’t know if one exists.
• No One’s in Charge of OSS: 39 percent of respondents said that either no one within their company is responsible for open source compliance – or that they don’t know who is.
• OSS Contributors Aren’t Following Best Practices: 33 percent of respondents say their companies contribute to open source projects.
• But, of the 63 percent who say their companies don’t have an open source acquisition or usage policy, 43 percent said they contribute to open source projects.
And as a whole, developers are only aware of up to four percent of the third-party software that comprises their products. As open source dependency increases, developers need to be good corporate citizens and truly understand the vulnerability risk and compliance requirements they are inheriting from the open source code they use. FlexNet Code Aware, integrated with InstallShield, identifies the libraries developers are using, and what the associated licensing terms are to ensure compliance.