About the author:
Software of uncertain provenance (SOUP), also known as software of uncertain pedigree, is being increasingly implemented in business software. Third-party applications provide a competitive advantage, improve productivity and enhance companies’ ability to deliver more sophisticated products and services.
But SOUP creates a host of uncertainties and security concerns which, without proper additional security measures, can drastically alter the security of a software infrastructure and even the functionality of established programs. Thanks to improvements in vendor application security testing, it’s possible to capitalize on the advantages of SOUP without increasing security risks.
SOUP increasingly used by modern enterprises
Due to increases in the sophistication of software, enterprises today are relying more heavily on software of uncertain provenance to perform essential processes. It’s often less expensive to invest in third-party software than it would be to develop proprietary software internally.
Third-party applications can often improve productivity and efficiency in an industry, placing those who readily adopt new technologies at an advantage. Third-party software is often the driving force behind both innovation and competition in increasingly technologically savvy industries.
Electronic health records (HER), for instance, are increasingly used by physicians and other healthcare providers. EHR is a perfect example of SOUP that could pose a major safety risk to consumers if breached, exposing the private health information, social security numbers and financial information for thousands of patients. But as of 2011, 20 to 70 percent of physicians (depending on specialty) were already using EHR that meets federal standards.
Overall, nearly half (42 percent) of physicians had adopted an EHR system meeting federal standards. Provided that security risks are mitigated through adequate security measures, EHR improves billing accuracy, streamlines patient scheduling and allows for better coordination of care between providers. This is just one example of why SOUP is being increasingly utilized in business software today.
Consumer demand makes it impossible to ignore SOUP
Applications are the basis for a significant portion of activity both online and off today. Popular social media platforms integrate with a variety of third-party applications to enhance the user experience. Facebook, for instance, partners with Wildfire to allow brands to run contests on the platform. Even Bloomberg recently introduced an app portal to make it easier for subscribers to capture and utilize its data.
Consumers use applications on their smartphones, tablets, laptops and even desktops to do everything from organizing their schedules to socializing with friends and performing work when they’re on the road. More companies are utilizing third-party applications to schedule field workers and keep them connected to the company’s main office, streamline shipping and receiving, reduce procurement costs and more.
Software supply chain security facilitates secure SOUP implementation
When SOUP is involved in governing integral systems which, if breached or malfunctioning, pose risks to consumer safety, the software supply chain must be effectively secured. This is an undertaking more easily said than accomplished, as many major enterprises rely on hundreds or thousands of vendors—who in turn may rely on hundreds or thousands of vendors themselves.
While this was and continues to be a significant concern when it comes to SOUP, modern security measures are alleviating some of these risks. Solutions such as vendor application security testing can analyze the source code of third-party software applications—before those programs are ever utilized or integrated with existing software—against an enterprise’s existing security protocols. This ensures that any application developed externally meets minimum security standards as established by the company. In other words, it’s at least as secure as the company’s existing software.
Fergal Glynn is the Director of Product Marketing at Veracode analysis tools, an award-winning application security company specializing in spoofing attack guide and other security breaches with effective risk assessment tools