Endor Labs has introduced an OWASP-style listing of the most important or impactful risks inherent in the use of open source software (OSS). Use of OSS is effectively free and readily available: it satisfies the commercial need for speed at low cost in software development. It is not uncommon for more than 80% of modern application code to come from OSS, and it is therefore here to stay (at least until some new technology can provide faster yet still inexpensive software development). The problem here is that we know very little about the source of the open source we use. It comes without warranties or SLAs, we are usually unaware of who develops the components we depend on, and it can introduce major security risks (just think Log4J) without our awareness.

Endor Labs, a startup headquartered in Palo Alto, CA, and founded in 2021 by Dimitri Stiliadis (CTO) and Varun Badhwar (CEO), is a firm focused on the complexities and threats contained in the growing use of OSS in commercial application development. Its Station 9 research team has now developed and published a report (PDF) on the Top Ten Open Source Software Risks. The hope is to emulate for OSS what the OWASP Top Ten provides for web application security. It lists the ten most important risks (security and/or operational) in order of severity, providing for each a description, examples, remediation and further reference sources.