"We have processed fixes for the top 100 open source repositories"

Q Could you provide an overview of Persistent Systems' work in open source?

A. At Persistent, we recognise the significance of open source, both as contributors and consumers. Over the last few years, we have launched several solutions to enhance open source security. We have developed a green open source repository, which serves as an alternative for our customers. This ensures that they receive immediate fixes in compatible versions, helping them integrate updates seamlessly into their products.

Our Centre of Excellence (COE) for open source focuses on securing the entire open source supply chain. We have developed our own technology stack while also partnering with premium agencies. Our work includes identifying vulnerabilities, determining necessary paths for remediation, providing actual fixes, and making them available to the community. This ensures that enterprises receive timely solutions, keeping their systems secure.

We also offer a free service called Open Source Hub, available on our website. This allows developers to link their products and gain insights into potential vulnerabilities and remediation paths. The remediation process could involve applying an available fix, upgrading to a more secure version, or, if no solution exists, receiving a custom fix from us.

One of our key initiatives is DEVSource, a developer community designed to address security vulnerabilities in open source. We use generative artificial intelligence (AI) to automate code fixes, reducing the time required to resolve security issues with our proprietary platform SASVA.

Q How do you ensure security in open source software?