The Devils in the Dependency: Data Driven Software Composition Analysis

Date: 13.11.2020. Author: CISOCLUB. Categories: Information security podcasts and videos

In this analysis, we examine over 85,000 applications and their use of more than 500k open source libraries. We provide an overview of open source usage showing that typical applications have hundreds or thousands of libraries, with most coming from a cascade of transitive dependencies. We find that proof-of-concept exploits exist for 21.7% of libraries with flaws, and that even very tiny (162 LoC) and very popular (included in 89% of applications) JavaScript libraries can contain exploitable flaws.

By Benjamin Edwards & Chris Eng

Full Abstract & Presentation Materials:

