Securing Open Source Libraries

Open source software is amazing, but it’s also a complicated beast when it comes to ownership, trust, and security. Many organizations operate mission critical systems with the help of open source libraries, unaware that some of these libraries include vulnerabilities that hackers can easily exploit. This type of vulnerability led to the 2017 Equifax breach.In this practical report, author Guy Podjarny provides a framework to help you continuously find and fix known vulnerabilities in the open source libraries you use. Every software library has potential pitfalls, and vulnerable dependencies are prime targets. Aimed at architects and practitioners in development and application security, this report walks you through practices and tools to protect your applications at scale.Understand what known vulnerabilities are and why they matterLearn how to find and fix vulnerabilities in open source librariesIntegrate testing to prevent adding new vulnerable libraries to your codeRespond to newly disclosed vulnerabilities in libraries you already useLearn which aspects matter most when choosing a Software Composition Analysis (SCA) testing tool