The Devil's in the Dependency: Data-Driven Software Composition Analysis

Date: 13.11.2020. Author: CISO CLUB. Categories: Information security podcasts and videos

In this analysis, we examine over 85,000 applications and their use of more than 500k open source libraries. We provide an overview of open source usage showing that typical applications have hundreds or thousands of libraries, with most coming from a cascade of transitive dependencies. We find that proof-of-concept exploits exist for 21.7% of libraries with flaws, and that even very tiny (162 LoC) and very popular (included in 89% of applications) JavaScript libraries can contain exploitable flaws.

By Benjamin Edwards & Chris Eng

Full Abstract & Presentation Materials: https://www.blackhat.com/us-20/briefings/schedule/#the-devils-in-the-dependency-data-driven-software-composition-analysis-20208
