Earlier this month, PerimeterX co-hosted a Tweet Chat with IT Security Guru on the topic of Shadow Code and invited a variety of industry experts including analysts, influencers and executives to weigh in on this little-known threat. The conversation lasted for an hour and delved into the issue from the perspective of DevOps, IT security, e-commerce and beyond. Participants included the following individuals:
- Ameet Naik, Cybersecurity Evangelist, PerimeterX
- Carlos Kizzee, EVP, Intelligence Operations and Legal Affairs, RH-ISAC
- Jamie O’Meara, Global Solutions Architect, Snyk
- Kim DeCarlis, CMO and Security Expert, PerimeterX
- Quentyn Taylor, Director of Information Security at Canon for Europe, Middle East and Africa
- Richard Stiennon, Chief Research Analyst, IT Harvest
- (Moderator) Tony Morbin, Editor-in-Chief, IT Security Guru
- (Moderator) Yvonne Eskenzi, IT Security Guru
Q1: Have you heard the term #ShadowCode before? If yes, what do you understand it to mean?
Carlos: I think of #ShadowCode as the generally overlooked and often unknown third-party or “nested service provider” code that is incorporated into your e-commerce websites without the knowledge of the security team or awareness of its impacts on security, latency or compliance.
Jamie: #ShadowCode is the use of third-party scripts and libraries in a web application. 80% of code used in applications today originates outside an organization. External code, called open source, provides accelerated value delivery, but it also represents a risk to the organization.
Quentyn: #ShadowCode is code that’s been cut and pasted from other third-party locations and may not have been vetted to the same degree as your own written code. It doesn’t mean it’s inherently insecure though.
Ameet: Application development today makes extensive use of third-party scripts and open source libraries, which are great for innovation and agility, but the end result is you don’t really know what code is running (Read more...)
*** This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at: https://www.perimeterx.com/resources/blog/2020/q-a-experts-weigh-in-on-the-hidden-world-of-shadow-code/