Top 10 open source software security risks — and how to mitigate them
- by nlqip
The OWASP Top 10 was originally created by Endor Labs, a software supply chain and application security company focused on the secure consumption of OSS, CI/CD pipelines, and vulnerability management. The project also included support from industry leaders such as Palo Alto, HashiCorp, and Citibank.
Vulnerability management has traditionally focused on known vulnerabilities, often in the form of Common Vulnerabilities and Exposures (CVE) lists, but there is a growing realization that known vulnerabilities are lagging indicators of risk.
To mature the way we approach the use of open source, a paradigm shift is needed toward leading indicators of risk: metrics that may signal risk associated with particular OSS libraries, components, and projects. Considered holistically, these indicators can inform more secure consumption of OSS and help mitigate potential risks before they manifest as exploits and vulnerabilities.