In December, the FS-ISAC Third Party Software Security Working Group released new controls for managing the risk associated with open source libraries and components. The controls recommend that financial institutions apply policy management and enforcement, together with inventory management, to the open source libraries and components used across their application portfolio: know which components (and versions) each application ships, and have a policy that decides which of them are acceptable.
Why should open source component management be a top priority?
- 90% of the typical enterprise application is composed of open source components
- 71% of applications were found to contain components with known security flaws classified as severe or critical
- 76% of organizations have no component management policies in place
- OWASP now lists 'using components with known vulnerabilities' as one of its Top 10 application security risks (A9 in the 2013 edition)
The recent attacks exploiting the critical vulnerabilities announced in the popular Apache Struts web framework are a perfect example of the severity of the problem: an organization that cannot quickly list which of its applications bundle the affected Struts versions cannot know where it is exposed. So much so that the FBI issued this alert.
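The inventory and policy controls above are easiest to understand as a build-time gate. The following is an added example written for this post, not code from FS-ISAC or from any project mentioned here. It parses a Maven pom.xml (a constructed sample, embedded inline) into a component inventory, resolves `${property}` version references, and rejects any dependency whose version falls below a policy floor. The single policy entry and its threshold version are hypothetical; a real deployment would feed the policy from a vulnerability database rather than a hand-typed dictionary.

```python
"""Component inventory plus policy enforcement for a Maven pom.xml.
Added example; the pom, the policy entry and its threshold are constructed."""
import re
import xml.etree.ElementTree as ET

# Constructed sample pom.xml (not taken from any real project).
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>webapp</artifactId>
  <version>1.0.0</version>
  <properties>
    <struts.version>2.3.14</struts.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>${struts.version}</version>
    </dependency>
    <dependency>
      <groupId>commons-io</groupId>
      <artifactId>commons-io</artifactId>
      <version>2.4</version>
    </dependency>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.11</version>
      <scope>test</scope>
    </dependency>
  </dependencies>
</project>
"""

# Hypothetical policy: (groupId, artifactId) -> lowest acceptable version.
# Anything older is rejected. In practice this table is generated from
# an advisory feed, not maintained by hand.
POLICY = {
    ("org.apache.struts", "struts2-core"): "2.3.15.1",
}

NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def parse_version(v):
    """'2.3.15.1' -> (2, 3, 15, 1); non-numeric parts compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.-]", v))


def inventory(pom_xml):
    """Return (groupId, artifactId, version, scope) for each <dependency>,
    resolving ${name} references against the pom's <properties>."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.rsplit("}", 1)[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}

    def resolve(text):
        # Unknown properties are left as-is so they show up in the inventory.
        return re.sub(r"\$\{([^}]+)\}",
                      lambda m: props.get(m.group(1), m.group(0)), text or "")

    items = []
    for dep in root.findals("m:dependencies/m:dependency", NS) if False else root.findall("m:dependencies/m:dependency", NS):
        def field(tag):
            return resolve(dep.findtext("m:" + tag, default="", namespaces=NS).strip())
        items.append((field("groupId"), field("artifactId"),
                      field("version"), field("scope") or "compile"))
    return items


def enforce(items, policy=POLICY):
    """Return (groupId, artifactId, found_version, required_floor) for every
    inventory entry that is older than the policy floor."""
    violations = []
    for group, artifact, version, _scope in items:
        floor = policy.get((group, artifact))
        if floor and parse_version(version) < parse_version(floor):
            violations.append((group, artifact, version, floor))
    return violations


if __name__ == "__main__":
    inv = inventory(SAMPLE_POM)
    for group, artifact, version, scope in inv:
        print(f"{group}:{artifact}:{version} ({scope})")
    for group, artifact, version, floor in enforce(inv):
        print(f"POLICY VIOLATION: {group}:{artifact} {version} < {floor}")
```

Run it against a real pom and wire a non-zero exit on any violation into the build; that is the enforcement half of the control. Two caveats a practitioner should keep in mind: this only reads direct dependencies, so transitive components need the resolved dependency tree (`mvn dependency:list` or equivalent) as the input instead of the raw pom, and the version comparison is a plain numeric tuple, which is adequate for a floor check but not a substitute for the full Maven version-ordering rules.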