Book description
Open source software is amazing, but it’s also a complicated beast when it comes to ownership, trust, and security. Many organizations operate mission critical systems with the help of open source libraries, unaware that some of these libraries include vulnerabilities that hackers can easily exploit. This type of vulnerability led to the 2017 Equifax breach.
In this practical report, author Guy Podjarny provides a framework to help you continuously find and fix known vulnerabilities in the open source libraries you use. Every software library has potential pitfalls, and vulnerable dependencies are prime targets. Aimed at architects and practitioners in development and application security, this report walks you through practices and tools to protect your applications at scale.
- Understand what known vulnerabilities are and why they matter
- Learn how to find and fix vulnerabilities in open source libraries
- Integrate testing to prevent adding new vulnerable libraries to your code
- Respond to newly disclosed vulnerabilities in libraries you already use
- Learn which aspects matter most when choosing a Software Composition Analysis (SCA) testing tool
Table of contents
- Introduction
- 1. Known Vulnerabilities in Open Source Packages
- 2. Finding Vulnerable Packages
- 3. Fixing Vulnerable Packages
- 4. Integrating Testing to Prevent Vulnerable Libraries
- 5. Responding to New Vulnerability Disclosures
- 6. Choosing a Software Composition Analysis Solution
- 7. Summary
Product information
- Title: Securing Open Source Libraries
- Author(s):
- Release date: November 2017
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781491996973
You might also like
article
Use Github Copilot for Prompt Engineering
Using GitHub Copilot can feel like magic. The tool automatically fills out entire blocks of code--but …
book
Introduction to Cryptography with Open-Source Software
This text illustrates algorithms and cryptosystems using examples and the open-source computer algebra system of Sage. …
article
Use GitHub Copilot: Additional Tips
Using GitHub Copilot can feel like magic. The tool automatically fills out entire blocks of code--but …
book
Serverless Security
Serverless is taking the cloud native world by storm. This new approach promises extraordinary value, from …