
Managing the Risks of Third-party Code in the Digital Supply Chain

Risks and Rewards of Shadow Code

Nearly all websites include open-source script libraries and third-party add-ons that provide user-friendly functionality. These scripts have been dubbed shadow code because most digital businesses don’t have complete visibility into the third-party scripts running on their sites. This can leave website owners blind to security vulnerabilities that cybercriminals can exploit in client-side supply chain attacks, such as Magecart and digital skimming, personally identifiable information (PII) harvesting and formjacking attacks.

Despite this, 70% of a typical website’s client-side code is third-party. Developers leverage this external code for functionalities like font delivery, payment processing and customer login because it saves significant time and resources. Marketing also gets into the third-party game by adding tracking tools, chatbots, and other applications that enhance user experience.

Third-party code is necessary for businesses to stay relevant in a quickly changing and expanding digital world, but it can also open the door to major security issues. In fact, 92% of website decision-makers say they don’t have complete visibility into this code on their sites. Read on to learn why this is good news for fraudsters.

Fraudsters Like Blind Spots

Throughout the years, the architecture of modern websites has fundamentally changed. Back in the day, the browser was simply a tool for viewing a website’s data. Rendering was done on the server side, so by securing their own infrastructure, companies could offer a safe, albeit slow, user experience. Fast forward ten years and things have flipped. The advent of dynamic JavaScript allows for caching, and browsers can render code themselves, which provides a faster and more engaging user experience. But because so much of the code on a modern website is written and maintained elsewhere, website owners can’t see it. Open-source libraries and third-party applications are served through their own networks, causing security blind spots.
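The blind spot described above is concrete: the scripts a page pulls from other origins are exactly the ones the site owner did not write and cannot audit by reading their own repository. The following is an added example, not code from the PerimeterX post, that builds a first inventory from a page's HTML: it lists every script tag, classifies each as first-party or third-party by comparing its resolved origin with the page's origin, and flags third-party scripts served without a Subresource Integrity (SRI) hash. The page URL, the HTML, its hostnames and the sha384 value are constructed placeholders, and the tag scan is a small regex rather than a full HTML parser.

```javascript
// Added example (not from the PerimeterX post): build an inventory of the <script>
// tags in a page's HTML, classify each as first-party or third-party by origin,
// and flag third-party scripts loaded without Subresource Integrity (SRI).
// Runs under Node with no DOM; the HTML below is a constructed sample and every
// hostname and hash value in it is a placeholder.

const PAGE_URL = "https://shop.example.com/checkout"; // constructed

const SAMPLE_HTML = `
<html><head>
  <script src="/static/app.js"></script>
  <script src="https://cdn.example-fonts.net/loader.js" async></script>
  <script src="https://cdn.example-cdn.net/lib.min.js"
          integrity="sha384-PLACEHOLDER_NOT_A_REAL_DIGEST" crossorigin="anonymous"></script>
  <script>window.dataLayer = window.dataLayer || [];</script>
  <script type="text/javascript" src='//tags.example-analytics.com/tag.js'></script>
</head><body></body></html>`;

// Parse the attribute list of one opening tag into a lower-cased name -> value map.
// Handles double-quoted, single-quoted, unquoted and valueless (boolean) attributes.
function parseAttributes(tagBody) {
  const attrs = {};
  const re = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(tagBody)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Walk every <script ...> opening tag in the HTML. Inline scripts are recorded as
// first-party (they ship inside the page itself); external ones are resolved against
// the page URL so relative and protocol-relative src values are classified correctly.
// A regex scan also matches tags inside HTML comments; a real audit should use a
// proper HTML parser or the live DOM.
function inventoryScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const scripts = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[1]);
    if (!attrs.src) {
      scripts.push({ src: null, host: null, inline: true, thirdParty: false,
                     hasIntegrity: false, hasCrossorigin: false });
      continue;
    }
    let resolved;
    try {
      resolved = new URL(attrs.src, pageUrl);
    } catch {
      // Unparsable src: origin unknown, so treat it as third-party for review.
      scripts.push({ src: attrs.src, host: null, inline: false, thirdParty: true,
                     hasIntegrity: "integrity" in attrs,
                     hasCrossorigin: "crossorigin" in attrs, unparsable: true });
      continue;
    }
    scripts.push({
      src: resolved.href,
      host: resolved.host,
      inline: false,
      thirdParty: resolved.origin !== pageOrigin,
      hasIntegrity: "integrity" in attrs,
      // SRI on a cross-origin script only takes effect when the request is made
      // with CORS, which is what the crossorigin attribute opts into.
      hasCrossorigin: "crossorigin" in attrs,
    });
  }
  return scripts;
}

// Third-party scripts that the browser will execute without any integrity check.
function missingIntegrity(scripts) {
  return scripts.filter((s) => s.thirdParty && !s.hasIntegrity);
}

const inventory = inventoryScripts(SAMPLE_HTML, PAGE_URL);
for (const s of inventory) {
  const kind = s.inline ? "inline" : s.thirdParty ? "third-party" : "first-party";
  console.log(`${kind.padEnd(11)} ${s.src ?? "(inline)"}`);
}
for (const s of missingIntegrity(inventory)) {
  console.log(`WARNING: ${s.host} served without SRI`);
}
```

Run it with `node` against the constructed sample and two of the four external scripts are reported as third-party code with no integrity check. A static scan like this only sees what is in the served HTML; scripts that a tag manager or another third-party script injects at runtime, which is where much shadow code arrives, need a browser-side inventory, for example a Content Security Policy in report-only mode that reports every origin the page actually loads scripts from.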

This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at: https://www.perimeterx.com/resources/blog/2022/managing-the-risks-of-third-party-code-in-the-digital-supply-chain/