More and more developers have turned to open source as a means to enable greater collaboration and transparency in application development, but the technology’s arrival also presents new security vulnerabilities that must be addressed.

Open source has seen a great deal of momentum among mainframers, making collaboration easier and providing greater transparency. But for all of its benefits, open source is not without risks. By its very nature, open-source code is accessible to whoever wants to see it—including potential attackers. That means an attacker looking to crack into an organization’s systems could simply examine the readily available open-source code and pick out vulnerabilities to exploit.

Overall, open source has incredible potential to help transform the way mainframe applications are managed, but it comes with risks that need to be properly addressed.

So, where do businesses and IT leaders stand on the use of open source in the context of mainframe security? What are their concerns? And what’s being done to secure the mainframe as open source becomes an increasingly common tool for developers? Rocket Software recently conducted a survey of 250 global IT directors and vice presidents in companies with more than 1,000 employees to find out. Let’s take a closer look at how these respondents view open source and mainframe security.

Open-source security on the mainframe

Open-source software has moved far beyond being a buzzword. Today, it’s a critical tool for organizations as they push to modernize in place with the mainframe. The collaborative element of open-source development means that the broader community is typically able to respond quickly to any issues, applying patches and fixes to critical vulnerabilities and exposures (CVE).
But in a mainframe setting where IT leaders often deal with ported instances of open-source tools and languages—like a ported instance of Git operating on z/OS—those fixes and updates may not always make their way into the mainframe. That means the open-source components embedded within mainframe applications, if not managed properly, could hold serious gaps in security and integrity. Among other mainframe security challenges with open source, compliance concerns can also arise if an organization incorporates unsupported open-source software into its mainframe applications.

Keeping open source secure on the mainframe

So, we know the concerns that come along with the use of open-source software. But are the businesses and IT teams that lean on these tools prepared to handle those risks and respond accordingly? The good news is, based on the findings of Rocket Software’s survey, The State of Mainframe Security, it’s clear that the security of open source used on the mainframe is something organizations are taking very seriously.

Organizations understand just how important proactivity is to ensuring security, as 62% of survey respondents reported that their organizations routinely conduct vulnerability assessments and security audits. And another 58% of respondents said they engage in continuous monitoring and updating of open source to address security patches promptly.

IT leadership in these businesses also understands the importance of preparing staff. Among respondents, 54% said they were training developers on best practices for secure coding and proper usage of open-source components.

But respondents aren’t just relying on proactive measures; many reported having strong processes in place for managing the risks associated with open-source software on the mainframe. Eighty percent said they have a well-defined process for managing and monitoring the usage of open-source software in mainframe environments.
The state of open source on the mainframe

At a time when cyber threats are rapidly evolving, the ability of the open-source community to address vulnerabilities and put out updates and fixes has become critical. Fortunately, among survey respondents, 78% of organizations reported being highly confident in the open-source community’s ability to do just that and act quickly.

Even as organizations get a handle on the way open-source software impacts their mainframe applications and security, it’s crucial that they work with a trusted source that can ensure critical updates and patches are ported to z/OS systems.

Learn more about how organizations are balancing the growing use of open-source software with mainframe security.