More than you might think. Just as reliance on a single blight-vulnerable potato variety created widespread devastation in 1800s Ireland, today’s reliance on vulnerable software components creates a similar ripple effect. In both cases, the exploitation of a single weakness spread its consequences widely and rapidly. The Potato Famine’s consequences were obviously more devastating, and data breaches so far have had primarily financial implications, but what if attackers shift to critical infrastructure as a target?
The headlines about high-profile breaches caused by the Apache Struts 2 component are shining a light on the vulnerability, and damaging effects, of open source component use. But there is no easy solution. Forbidding the use of open source components would be like forbidding progress and innovation; their use is, in fact, necessary and beneficial in today’s fast-paced development environments. So what should organizations do? Controlling how and where developers use these components is nearly impossible, not to mention keeping track of which versions of components are where in your application landscape.
In Episode 9 of our AppSec in Review podcast, Veracode’s Director of Corporate Communications Jessica Lavery talks with Evan Schuman about this complicated problem and some ways that companies can start tackling it.
This is a Security Bloggers Network syndicated blog post authored by sciccone. Read the original post at: Veracode Blog