The Risky Business of Open Source Libraries and What to Do About It
Veracode recently released its first State of Software Security: Open Source edition report, analysing data on open source libraries that could expose companies to data breach risk. We found that 71% of all applications contain flawed open source libraries, and that the majority of those flaws come from downstream dependencies that might escape the notice of developers. A single flaw in one library can cascade to all applications that leverage that code. Open source software has a surprising variety of flaws. An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies. In reality, developers are introducing much more code than they explicitly include, but if they are aware of it and apply fixes appropriately, they can reduce their risk exposure.
What you will come away with:
- The prevalence of open source libraries in applications
- The types of vulnerabilities most common in open source libraries
- The best practices for addressing the security vulnerabilities in open source code
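To make the cascade through downstream dependencies concrete, here is an added Python example (not code from the report or from Veracode) that walks a constructed dependency graph for two hypothetical applications and labels each exposure to a flawed library as direct or transitive; the library names and the flawed set are assumptions for illustration only.

```python
from collections import deque

# Constructed sample data (not from the Veracode report): each application's
# direct dependencies, each library's own dependencies, and a set of
# libraries assumed to carry a known flaw.
DEPENDENCIES = {
    "billing-app": ["web-framework", "json-parser"],
    "reports-app": ["http-client", "csv-lib"],
    "web-framework": ["template-engine", "http-client"],
    "http-client": ["url-lib"],
    "json-parser": [],
    "template-engine": [],
    "csv-lib": [],
    "url-lib": [],
}
FLAWED = {"url-lib", "json-parser"}


def exposure_paths(root, deps, flawed):
    """Breadth-first walk from root; return {flawed_lib: shortest path}
    for every flawed library reachable directly or transitively."""
    paths, seen = {}, {root}
    queue = deque([(root, [root])])
    while queue:
        node, path = queue.popleft()
        for child in deps.get(node, []):
            if child in seen:
                continue
            seen.add(child)
            child_path = path + [child]
            if child in flawed:
                paths[child] = child_path
            queue.append((child, child_path))
    return paths


def exposure_report(apps, deps, flawed):
    """For each application, label each exposure 'direct' (depth 1) or
    'transitive' (pulled in by another library the developer chose)."""
    report = {}
    for app in apps:
        report[app] = {
            lib: ("direct" if len(path) == 2 else "transitive", path)
            for lib, path in exposure_paths(app, deps, flawed).items()
        }
    return report


if __name__ == "__main__":
    apps = ["billing-app", "reports-app"]
    for app, exposures in exposure_report(apps, DEPENDENCIES, FLAWED).items():
        for lib, (kind, path) in exposures.items():
            print(f"{app}: {kind} exposure to {lib} via {' -> '.join(path)}")
```

Note that both applications reach the same flawed url-lib without either listing it, which is exactly the kind of shared, downstream exposure a scan of only declared dependencies would miss.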