THIRD-PARTY SOFTWARE LIBRARY RISKS TO BE SCRUTINIZED AT BLACK HAT

  • 23 July 2014

by Michael Mimoso  July 22, 2014
 
Third-party software libraries introduce efficiency and risk into enterprise applications. Two researchers will identify some of the most vulnerable libraries during a talk at the upcoming Black Hat conference.
 
Enterprise application developers are under real pressure to push projects out the door quickly and cheaply, and each new version certainly has to be better than the last. This forces them to make decisions that, at a minimum, improve efficiency, but that also introduce additional risk.
 
Of particular concern is the use of third-party software libraries pulled in to help speed up the development of portals, shopping carts and other business and customer-facing applications. Such libraries have been under increasing scrutiny since the disclosure of the Heartbleed vulnerability in OpenSSL, which had Internet-wide implications for the integrity of online communications and business. OpenSSL is the most high-profile problem of late, but it’s certainly not the only one. Hundreds of open- and closed-source libraries are in use, each with its own set of issues, and they often aren’t updated or patched with any consistency.
 
“Developers are using these things, and what’s not being recognized is that there could be anywhere from 50 to 150 third-party libraries that make up a single application,” said Jake Kouns, cofounder and president of the Open Security Foundation, which runs the Open Source Vulnerability Database (OSVDB). “Many companies may have a secure development lifecycle implemented and do a lot of security checking, but at the same time fail to realize that a lot of code from other places is being pulled in and not getting the same level of scrutiny.”
 