Categories
Audit Case Study

Mitigating OSS Security Vulnerabilities to Stay Compliant

Introduction

The client in question is India’s largest fashion e-commerce company and biggest online shopping site for Fashion & Lifestyle. They are headquartered in Bengaluru. They are the one stop shop for all footwear, clothing, accessories, cosmetics and lifestyle products for both women & men featuring over 500 leading Indian and international brands. They aim to provide a hassle free and enjoyable shopping experience to shoppers across the country with the widest range of brands and products on their site. The brand is making a conscious effort to bring the power of fashion to shoppers with an array of the latest and trendiest products available in the country.

The Challenge

Today, with numerous open source components available for developers to leverage and build innovative products on, most companies face the challenge of identifying which open source components are used, how to manage these components in their codebase, and the security risks associated with them. Companies do not want to be in a situation where they are prone to hacker attacks and data breaches. At the same time, for the open source components they use, they do not want to face copyright injunctions from the code author. This is one of the reasons organizations go for open source audits.

The client’s main development headquarters housed many individual teams working on different areas of development of the e-commerce site. Each development business unit comprised many levels of subteams, and each of these subteams worked on many repos and projects. The client approached Lyra, which has years of experience conducting open source audits, to help them perform an open source audit on their code dumps. They wanted to address the challenge of whether their code was compliant with OSS policies and also check whether the code was free from open source security vulnerabilities in the dependencies used.

The Solution

Combining a decade of Lyra’s open source audit expertise with an enterprise solution for code scans and finding security vulnerabilities, we first performed an open source audit on a total code size of close to 80 GB. We scanned the code to find the amount of open source code in the code base. Knowing the amount of open source code and having created a software inventory, we analyzed the components for potential threats and known security vulnerabilities. We also checked whether the code was compliant with open source policies. We created Jira tickets for all the issues we encountered with the respective client dev teams. As mentioned above, the total code size of 80 GB was split between individual development teams and multiple repos. Once the initial audit was done, we helped the client by sharing first-level individual and consolidated master reports for both FOSS compliance and security vulnerabilities.

The Impact

In addition to the above, we created individual reports team-wise, project-wise and for top-level management, so that each could get a sense of the OS audit report. We made it easy for team heads and repo heads to understand how many issues and problems there were in their respective teams, as well as potential threats in individual repos or projects. Top-level management was able to get a high-level overview of the audit report. Once individual teams received information on the issues, we shared a master combination of all the reports, highlighting everything from all the teams down to repos and sub-level projects.

Reports were further detailed and split for both FOSS compliance and security vulnerabilities. Not only that, we also shared a complete dashboard view for top-level management, such as the VP and CTO, to understand the number of issues, which ones carried high, medium and low risk, how to remediate those issues, how to coordinate with app sec teams, and the timeline for remediation.

Insights from the Codescans and Audits:

With respect to priority projects, from one of the code scans of a particular team’s code, which was close to 1 GB of code checked for FOSS compliance, we were able to find 28 P1 (high risk) and 29 P2 (medium risk) issues which needed immediate attention. With respect to finding security vulnerabilities for potential threats, we found 113 P1 (high risk) and 42 P2 (medium risk) issues in the dependencies used.

Similarly, for another priority project with a code size of 1 GB, we were able to find 20 P1 (high risk) and 18 P2 (medium risk) issues for FOSS compliance. For security vulnerabilities, our audits revealed 59 P1 (high risk) and 49 P2 (medium risk) issues.

We then shared these issues with the client for remediation in each of the priority projects. Lyra also provided consultation on fixes and solutions for the issues raised in FOSS compliance and OSS security vulnerabilities.

Based on the client teams’ remediation plan, we at Lyra then worked on delta audits to check and verify the fixes done by the client’s teams, and then again shared the same set of reports as before. This process of remediation and delta scans went on for 2-3 months with many iterations. As many as 358 issues were brought to notice through continuous engagement with the client for the above two priority projects.

Conclusion

With constant engagement with the client, Lyra was able to provide a complete list of issues for FOSS compliance and security vulnerabilities and help fix them, with the issue list drilled down by teams, sub-teams, individual repos and for top-level management. Thanks to numerous data-oriented master and consolidated reports, everyone in the development teams had a clear view of all the issues and of which ones needed remediation to stay compliant with open source policies and protected from potential attacks and data breaches.

Interested in an Open Source Audit for your company too? Get in touch with us today!


Categories
More Audit & Compliance

How to Manage Open Source Risk

Everything You Need To Know About Managing Open Source Risk

Over the years, open source growth has risen exponentially, as many developers consciously save time by making use of readily available open-source components instead of writing code from scratch. Developers face tremendous pressure to ship software sooner, speed up time-to-market, innovate and build great products with much shorter release cycles. As per a third-party report, more than 80% of the code in today’s applications is open source. By using open source components, packages and libraries in their code, developers can reap immense benefits. However, while using open source components and packages is perfectly justifiable, they also come with risks, a.k.a. open-source risk.

What developers, management and even shareholders need to take into consideration while using the code in open source components is that these OS components may come with security vulnerabilities which attackers can take advantage of, leading to significant damage. That is why risks in open-source frameworks, libraries, or even in the code itself need to be identified and carefully managed.

Most development teams believe in the notion that open source code is clean and safe because it is developed and used by a large number of people who would have identified issues in the software. But in reality, apps that are built on open-source software do come with vulnerabilities, some of which might be critical and can lead to data breaches, attacks and compliance lawsuits. Not all vulnerabilities are the same: some may be critical, while others have a lesser impact on the organization. And since nobody is in charge of ensuring that vulnerabilities in open source code are published or patched, open-source risk continues to be a serious problem for many development teams worldwide.

What causes Open Source Risk?

There are two main causes of risk in open source, namely:

Security Vulnerabilities:

These may include known security vulnerabilities; vulnerabilities inherited from other libraries; vulnerabilities that had been fixed but reappear because of a version update; and the zero-day and half-day vulnerabilities we read about today, for which very little information is known, making it possible for attackers to exploit them more easily.

License Compliance Risks

With more than 1000 open source licenses available, it becomes difficult and challenging for developers to keep track of each and every license and comply with all the legal requirements. Not complying with the terms of open source licensing is extremely tricky business. It leaves an organization open to lawsuits, or to situations where you might need to give up exclusive ownership of the proprietary code.

Asking the right questions before using open-source code is absolutely necessary. Organizations, along with their developers, need to assess and ask themselves the following before even starting to use open-source code:

  • Which open source components am I using?
  • Which applications would use these open source components?
  • How would these applications be deployed?
  • Is the license associated with the open-source component high, medium or low risk?
  • Is the open source license commercial-friendly?
  • What are the license requirements associated with the open-source component, and how will they be fulfilled effectively?
  • Are there potential conflicts between the open-source component license and the end license of the product or application in which it is used?
  • What potential legal issues may arise as a result of the use of these open source components?

Once you have clear-cut answers to the above questions, the decision to use or reject the OS packages and components becomes much simpler.

How to manage and mitigate Open Source Risks?

To safeguard your organization from these security vulnerabilities, malware and ransomware, you need to:

  1. Create and enforce open source policies:

Organizations must create a standardized open-source policy that outlines how developers access and use open source components and packages, remediation plans, whitelisting/blacklisting of code, and the processes and workflows to follow.

We at Lyra have helped numerous enterprises create open-source policies, and we also help standardize the processes organizations use to enforce them.

  2. Have an OSS strategy and a framework in place:

An organization needs an OSS strategy and framework in place to effectively manage open source components and packages. Without a plan of action on how to proceed, problems and failures follow and damage your reputation in the long run. Organizations need to be proactive: identify risks, then have a framework in place to remediate those vulnerabilities quickly.

  3. Identify the amount of open source in use and the vulnerabilities:

First, identify the open-source components being used by creating a bill of materials or software inventory, and where the vulnerabilities are present. Organizations can make use of specialized static analysis and scanning tools to scan code and list the open-source code used within an application. Once this inventory is available, you can pass it on to security teams to identify and scan those parts which might contain security vulnerabilities.

  4. Update vulnerable open source components:

Development and security teams need to work together, since updates to open source components can sometimes break your application. Teams need to keep testing open-source code in the early stages of the development cycle, so that vulnerabilities are not discovered only when the code is already in production. Only update those components which are deemed vulnerable by the security teams.

  5. Update OS versions to recent and secure releases promptly:

Your teams need to update open source components to the latest stable and secure version to be protected from known security vulnerabilities. Teams should also have a dedicated expert on the dev team who consistently monitors the status of open source packages and updates and ensures that these updates are applied promptly, thereby building accountability.

  6. Stop malware and ransomware:

Enforcing warnings and alerting developers when they access component sources known to host vulnerable packages is the most recommended way to stay safe from these attacks. You can also create and automate business rules in continuous integration systems so that a build fails if any vulnerable code with severe criticality and high open-source risk is being used within the application code.
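The inventory and CI gate described in the steps above can be demonstrated in a few dozen lines. The following Python is an added example written for this page; it is not Lyra's tooling or the SCA product the article sells. It builds the software inventory from a constructed lock file, matches it against a constructed advisory feed (placeholder ids, not real CVEs), and applies the build rule: fail when any component carries a finding at or above the configured severity that has not been explicitly allowlisted. Version comparison is simplified to dotted numeric versions, which is an assumption of the example.

```python
"""Open source policy gate: inventory a lock file, match it against an advisory
feed, and fail the build on high-risk findings.

Added example, not Lyra's tooling. The lock file, advisory ids and component
names below are constructed sample data (placeholder ids, not real CVEs)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # placeholder id, e.g. "ADV-EXAMPLE-1"
    component: str
    fixed_in: str         # versions strictly below this are affected
    severity: str         # "low", "medium" or "high"


@dataclass(frozen=True)
class Finding:
    advisory_id: str
    component: str
    version: str
    severity: str
    fixed_in: str


# Constructed lock file in "name==version" form: the inventory source
SAMPLE_LOCK_FILE = """\
# constructed sample, not a real project
example-json-parser==1.2.0
example-http-client==4.1.3
example-logging==2.0.0
"""

# Constructed advisory feed with placeholder ids
SAMPLE_ADVISORIES: List[Advisory] = [
    Advisory("ADV-EXAMPLE-1", "example-json-parser", "1.3.0", "high"),
    Advisory("ADV-EXAMPLE-2", "example-http-client", "4.0.0", "high"),  # already fixed in 4.1.3
    Advisory("ADV-EXAMPLE-3", "example-logging", "2.1.0", "medium"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Dotted numeric version to a comparable tuple (no pre-release handling; assumption)."""
    return tuple(int(part) for part in version.split("."))


def parse_lock_file(text: str) -> Dict[str, str]:
    """Build the inventory {component: version} from 'name==version' lines.
    An unpinned line is rejected: a policy gate needs exact versions to reason about."""
    inventory: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"unpinned dependency in lock file: {line}")
        inventory[name.strip().lower()] = version.strip()
    return inventory


def find_vulnerable(inventory: Dict[str, str], advisories: List[Advisory]) -> List[Finding]:
    """A component is affected when its pinned version is older than the advisory's fixed_in."""
    findings: List[Finding] = []
    for adv in advisories:
        version = inventory.get(adv.component)
        if version is None:
            continue
        if parse_version(version) < parse_version(adv.fixed_in):
            findings.append(Finding(adv.advisory_id, adv.component, version,
                                    adv.severity, adv.fixed_in))
    return findings


def evaluate_gate(inventory: Dict[str, str], advisories: List[Advisory],
                  fail_at: str = "high", allowlist: FrozenSet[str] = frozenset()) -> dict:
    """CI rule: the build fails if any finding at or above fail_at severity is not
    covered by a reviewed allowlist entry (keyed by advisory id)."""
    threshold = SEVERITY_RANK[fail_at]
    findings = find_vulnerable(inventory, advisories)
    blocking = [f for f in findings
                if SEVERITY_RANK[f.severity] >= threshold
                and f.advisory_id not in allowlist]
    return {"pass": not blocking, "blocking": blocking, "findings": findings}


if __name__ == "__main__":
    inv = parse_lock_file(SAMPLE_LOCK_FILE)
    result = evaluate_gate(inv, SAMPLE_ADVISORIES)
    for f in result["findings"]:
        print(f"{f.severity.upper():6} {f.component}=={f.version} "
              f"({f.advisory_id}, fixed in {f.fixed_in})")
    # Non-zero exit is what makes the CI job fail
    raise SystemExit(0 if result["pass"] else 1)
```

Run as a CI step, the non-zero exit code is the build failure the article recommends; the allowlist is the place where a security team records an accepted risk, so an exception is a reviewed decision rather than a silent downgrade of the threshold.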

Mitigate your Open Source Risk with Lyra

From full software packages to code snippets, our enterprise SCA solutions scan your source code, binaries and dependencies for software vulnerabilities and license compliance issues. We integrate with common build tools and provide one of the largest open-source knowledge bases in the industry, with more than 14 million components and support for 25+ languages and 70+ extensions, giving you access to vulnerability data from multiple sources, including NVD and Secunia Research.

With our Enterprise Solutions you get an end-to-end integrated scanning tool to find security vulnerabilities for development, legal and security teams, set and manage policy for use of open source and third-party software, reduce open source security risk and manage license compliance with a complete end-to-end system. It’s easy to empower your organization to manage open-source software (OSS) and third-party components.

Lyra has over a decade of experience in code scanning and open source audits. We will help you get a sense of how much open source code is in your application, whether that code is vulnerable and which security vulnerabilities it contains, issue alerts for new vulnerabilities, provide remediation plans for securing vulnerable OSS components, and at the same time help you stay compliant with the different open source licenses. Our audit teams also provide support for baseline audits and due diligence for events like mergers and acquisitions.

Contact us today to know how we can help remediate associated risk while you build your products during their entire lifecycle.


Categories
Product & Partnerships Whitepaper

5 Ways Lyra Can Help You With Remote Support & Access In These COVID Times!

The COVID-19 outbreak has driven a lot of organizations to think on their feet and virtualize almost overnight. Now, most employees work either from home or remotely. Companies have set in place their business continuity plans, disaster recovery plans or pandemic policies and are hurrying to build the infrastructure to support the work-from-home initiative. This has led to an increase in demand for remote support and access tools to support businesses and improve productivity.

Lyra’s remote support and access tools are ready to support your IT teams, support teams and MSPs with secure, reliable and affordable solutions.

Whether you’re looking to generate more revenue for your MSP business or looking for ways to support your internal team and the employees of your organization, read on to see why Lyra’s remote support solutions can be a strategic technology choice for your business. Here are 5 ways Lyra can help.

1. Being Available Even In Unavoidable Situations

In circumstances where one of your IT tech team members cannot be at the office or attend work, we can ensure that work continues in their absence and that everything does not grind to a halt. In such situations, we make it easier for your other team members to take remote control of the computers they manage right from their home PC, or even from their mobile phones, so that they can take care of critical tasks even when they are not in the office.

2. Reduction In Tool Based Costs

Lyra partners with the top vendors of remote support and access tools. This enables us to suggest the best ways of cutting costs drastically, based on the features you require and the budget you’ve set aside. Moreover, we can also help you devise an ROI plan which shows how you can reduce tool costs by up to 50% when you switch from another remote access solution.

3. Flexibility To Add IT Members, As Your Team Grows

By using Lyra’s partnered remote support & access tools, you get the flexibility to add members as and when your team grows. You can also get in touch with us at any point to add technician licenses to your existing plan. You can easily switch plans as you add more managed computers and devices, or if you want to add features to your existing plan. You get a prorated price that gives you full credit for your current subscription.

4. 24/7 Support

Our sales team is available 24/7 to answer any of your questions or help you choose the best remote support and access solutions for your needs. If you need help during your trial or subscription, or if you have any queries about the product, our support team is available by email or phone. And you can be assured that the solution we recommend for your requirements is safe and secure: a trusted solution proven with millions of remote access users and thousands of five-star ratings across top review sites.

5. Access from anywhere and save travel time

With our tools, you don’t have to waste time travelling from one place to another to get things done. Business professionals and owners will find Lyra’s remote support and access solutions fast, simple and secure to use. It’s simple to get unattended remote access to your Windows, Mac and Linux computers from Windows, Mac, iOS, Android, or even a Chrome browser or Chromebook. For support desks and helpdesk users too, you can provide on-demand attended and unattended secure remote support using session codes alone. This saves a lot of the time spent moving from one location to another to either get things done or provide support.

So send us your requirements at sales@lyrainfo.com to assist you further with respect to remote support and access. We would be happy to attend to any of your queries on the same.


Categories
Open Source Services Case Study

How Lyra Infosystems helped a Premier Law firm with ERP Implementation!

Introduction

This client is a leading full-service law firm located in Mumbai, with more than a decade of experience offering high-quality legal advice and services to its customers.

The Challenge

Enterprise Resource Planning (ERP) software takes time and resources to implement successfully; without them, implementations are likely to fail. Our client needed an ERP solution to help them manage cases, legal proceedings, legal documents from clients and information on next hearing dates, along with a system which could help them bill their customers based on proceedings. This is when our team at Lyra reached out to them as a proven vendor with extensive experience in building high-quality and successful ERP implementations.

The Solution

Lyra Infosystems built a robust solution for their custom needs. This solution is an all-in-one, affordable and intuitive legal practice management software designed for modern law firms. Our client gained a complete case management solution organized around contacts, calendars, cases, documents, time tracking and billing. In this solution, we also built an integrated client portal and associate access so that everyone stays informed and connected.

Key Implementations:

  • Organizing Cases and Matters
  • Tasks Management
  • Proceedings Management
  • Bulk Cases Creation
  • Invoice Generation based on Tasks Completion
  • Consolidated Bill Generation
  • Shared Firm Calendars and Reminders
  • Contact Management
  • Proceedings and Tasks Notifications & Alerts
  • Human Resources Management
  • Timesheet Management and Raising bills based on the Timesheet
  • Document management for each matter
  • Client Portal and Client Tasks management
  • Pending Tasks management
  • Proceedings Missing dates management

The Impact

After the implementation of the custom solution, our client was able to simplify the following tasks:

  • Managing customers, firm employees, associates and arbitrators became far more efficient, all in one place.
  • Case matter details and assignees, the tasks associated with each case sheet, and cost details related to the case sheet are now readily available.
  • Allocating and managing the tasks involved in each case sheet, and notifying the relevant person and associated teams about deadlines, became crystal clear.
  • Proceeding details and next proceeding dates for a case are visible to all members of the case. In addition, if the next proceeding date has not yet been communicated, reminder alerts are sent to the concerned person about the unscheduled date.
  • Multiple cases of the same case type for different parties can now be created easily, without any hassle.
  • Invoices for completed tasks, hours spent based on the timesheet, and expenses involved can be generated instantly.
  • A single consolidated bill based on multiple case sheets can be generated easily.

If you have any queries or require ERP solutions for your business, get in touch with us by sending your requirements at sales@lyrainfo.com. We would be happy to help!
