Open source software is amazing, but it’s also a complicated beast when it comes to ownership, trust, and security. Many organizations operate mission critical systems with the help of open source libraries, unaware that some of these libraries include vulnerabilities that hackers can easily exploit. This type of vulnerability led to the 2017 Equifax breach.
In this practical report, author Guy Podjarny provides a framework to help you continuously find and fix known vulnerabilities in the open source libraries you use. Every software library has potential pitfalls, and vulnerable dependencies are prime targets. Aimed at architects and practitioners in development and application security, this report walks you through practices and tools to protect your applications at scale.