Top 10 open source software security risks — and how to mitigate them
- by nlqip
The OWASP Top 10 Open Source Software Risks list was originally created by Endor Labs, a software supply chain and application security company focused on the secure consumption of OSS, CI/CD pipelines, and vulnerability management. The project also received support from industry leaders such as Palo Alto Networks, HashiCorp, and Citibank.
Vulnerability management has traditionally focused on known vulnerabilities, usually tracked as Common Vulnerabilities and Exposures (CVE) identifiers. There is a growing realization, however, that known vulnerabilities are lagging indicators of risk: a CVE is assigned only after a weakness has been found, disclosed, and catalogued.
To mature the way we consume open source, a shift is needed toward leading indicators of risk: metrics that may signal risk in particular OSS libraries, components, and projects before any vulnerability in them is known. Considered holistically, these indicators can inform more secure consumption of OSS and help mitigate potential risks before they manifest as vulnerabilities and exploits.