Top 10 open source software security risks — and how to mitigate them
- by nlqip
The OWASP Top 10 Open Source Software Risks list was originally created by Endor Labs, a software supply chain and application security company focused on the secure consumption of OSS, CI/CD pipelines, and vulnerability management. The project also had support from industry contributors such as Palo Alto, HashiCorp, and Citibank.
Vulnerability management has traditionally concentrated on known vulnerabilities, usually in the form of Common Vulnerabilities and Exposures (CVE) entries. There is a growing realization that known vulnerabilities are lagging indicators of risk: a CVE tells you about a weakness only after it has been found, reported and published.
To mature the way we approach open source, a paradigm shift is needed toward leading indicators of risk. These are metrics that may signal risk in particular OSS libraries, components and projects before any vulnerability is known, such as how recently a project shipped a release, how many people maintain it, whether its releases are signed, and whether a dependency is pinned or can silently change. Considered holistically, such signals can inform more secure consumption of OSS and head off risks that would otherwise surface later as exploits and vulnerabilities.
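The following is an added example, not code from the article or from Endor Labs, showing what "leading indicators" look like in practice: a small scorer that flags dependencies on signals available before any CVE exists (unpinned version spec, stale releases, a single maintainer, unsigned releases, a name that closely resembles a well-known package) and keeps the CVE count alongside only as the lagging indicator for contrast. All package names, dates and metadata below are constructed for illustration; the threshold values and the `WELL_KNOWN` set are assumptions, and in real use the facts would come from a registry API, a provenance attestation, or a project such as OpenSSF Scorecard.

```python
"""Leading-indicator scoring for open source dependencies.

Added example, not from the original page. Every PackageFacts record below is
constructed sample data; thresholds are illustrative assumptions.
"""
from dataclasses import dataclass
from datetime import date
import difflib

# Reference date for the constructed sample (assumption, fixed so the run is
# deterministic and works offline).
TODAY = date(2024, 11, 1)

# Popular names that an attacker might typosquat (illustrative, not exhaustive).
WELL_KNOWN = {"requests", "urllib3", "cryptography", "pyyaml"}

STALE_AFTER_DAYS = 730   # no release in two years -> treat as unmaintained
NAME_SIMILARITY_CUTOFF = 0.85


@dataclass
class PackageFacts:
    name: str
    requested: str         # version spec exactly as written in the manifest
    last_release: date
    maintainers: int
    signed_releases: bool
    known_cves: int = 0    # lagging indicator, kept only for comparison


def typosquat_candidates(name, known=WELL_KNOWN, cutoff=NAME_SIMILARITY_CUTOFF):
    """Well-known names that are near-identical to `name` but not equal to it."""
    return sorted(
        k for k in known
        if k != name and difflib.SequenceMatcher(None, name, k).ratio() >= cutoff
    )


def leading_indicators(pkg, today=TODAY):
    """Return (indicator, detail) pairs that suggest risk before any CVE exists.

    The order of checks is fixed so reports are stable across runs.
    """
    signals = []
    if not pkg.requested.startswith("=="):
        signals.append(("unpinned", f"'{pkg.requested}' allows silent upgrades"))
    age_days = (today - pkg.last_release).days
    if age_days > STALE_AFTER_DAYS:
        signals.append(("unmaintained", f"last release {age_days} days ago"))
    if pkg.maintainers <= 1:
        signals.append(("bus-factor", f"{pkg.maintainers} maintainer(s)"))
    if not pkg.signed_releases:
        signals.append(("unsigned", "releases carry no signature or provenance"))
    squats = typosquat_candidates(pkg.name)
    if squats:
        signals.append(("name-confusion", f"resembles {squats}"))
    return signals


def assess(packages, today=TODAY):
    """Map package name -> leading signals plus the lagging CVE count."""
    return {
        p.name: {"leading": leading_indicators(p, today), "lagging_cves": p.known_cves}
        for p in packages
    }


# Constructed sample manifest: one healthy pin, one likely typosquat,
# one abandoned project, and one well-run project that nevertheless has CVEs.
SAMPLE_PACKAGES = [
    PackageFacts("requests", "==2.32.3", date(2024, 5, 29), 4, True, 0),
    PackageFacts("requestz", ">=1.0", date(2024, 10, 20), 1, False, 0),
    PackageFacts("oldlib", "==0.9.1", date(2019, 3, 2), 2, True, 0),
    PackageFacts("urllib3", "==1.26.5", date(2024, 9, 1), 5, True, 2),
]


def demo_report():
    """Run the scorer over the constructed sample."""
    return assess(SAMPLE_PACKAGES, TODAY)


if __name__ == "__main__":
    for name, result in demo_report().items():
        print(f"{name}: known CVEs={result['lagging_cves']}")
        for indicator, detail in result["leading"]:
            print(f"  [{indicator}] {detail}")
```

Note the contrast the sample is built to show: `urllib3` carries two known CVEs but no leading signals, so a CVE-only scanner would rank it as the worst entry, while `requestz` has no CVE at all and yet trips four leading indicators, which is exactly the kind of dependency that a lagging-indicator process would wave through.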