Trends and dangers in open-source software dependencies

A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation costs for dependency risks are perilously high, function-level reachability analysis still offers the best value in this critical area, according to Endor Labs. The research is based on analysis of Endor Labs vulnerability data, the Open Source Vulnerabilities (OSV) database for comparison, information from customer tenants, and Java Archives (JARs) of hundreds of versions of the top 15 open source dependencies to compute breaking changes.

Source: Help Net Security

 


Date:

Categorie(s):

Tag(s):