Intelligent CIO North America Issue 51 | Page 23

TRENDING

ENDOR LABS RELEASES COMPREHENSIVE REPORT ON OPEN SOURCE SOFTWARE DEPENDENCY MANAGEMENT

New research offers CIOs and CISOs analysis of trends and dangers in open source software dependencies – and ways to prioritize the greatest risks.

Endor Labs has released the 2024 Dependency Management Report, which consolidates extensive original and third-party research into the current state of security across the software dependency lifecycle, the foundation on which all application development rests.

The research is based on analysis of Endor Labs vulnerability data, the Open Source Vulnerabilities (OSV) database for comparison, information from Endor Labs customer tenants, and Java ARchives (JARs) of hundreds of versions of the top 15 open source dependencies, used to compute breaking changes.
The third annual report from Endor Labs, which offers a C-suite perspective on potential vulnerabilities within open source dependencies and software packages, reveals that while remediation costs for dependency risks are perilously high, function-level reachability analysis still offers the best value in this critical area.
Darren Meyer, Staff Research Engineer, Endor Labs, said: "A lot of organizations are struggling with managing dependency risks. They're drowning in vulnerability alerts, many of which don't represent relevant risk; researching the alerts is expensive for security and software teams and trying to fix everything is even more expensive. Endor Labs research shows that analysis-based vulnerability prioritization has become a critical capability because of this, and highlights other trends and challenges related to dependency management."
For a vulnerability in an open source library to be exploitable, there must be, at minimum, a call path from the application to the vulnerable function in that
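The reachability test described above can be illustrated with a small static call-graph check. The following is an added example written for this page, not Endor Labs' tooling or any code from the report: it parses two constructed sample applications and a hypothetical library `hypolib` (all embedded as strings), builds a syntactic call graph with Python's `ast` module, and searches for a call path from the application entry point `app.main` to `hypolib.parse_archive`, which is assumed here to be the function carrying the vulnerability. In the first application only the harmless sibling `hypolib.checksum` is ever called, so the alert on the library version is noise; in the second, the vulnerable function is reached through two intermediate application functions.

```python
import ast
from collections import deque

# Constructed sample code (not taken from the report). "hypolib" is a hypothetical
# open source dependency; parse_archive is *assumed* vulnerable for illustration.
HYPOLIB_SRC = '''
def checksum(data):
    return sum(data) % 256

def _read_header(blob):
    return blob[:4]

def parse_archive(blob):
    # hypothetical vulnerable function
    header = _read_header(blob)
    return header
'''

# Application A depends on hypolib but never reaches parse_archive.
APP_A_SRC = '''
import hypolib

def verify(data):
    return hypolib.checksum(data)

def main():
    return verify(b"abc")
'''

# Application B reaches parse_archive through a transitive chain of its own functions.
APP_B_SRC = '''
import hypolib

def load_upload(blob):
    return unpack(blob)

def unpack(blob):
    return hypolib.parse_archive(blob)

def main():
    return load_upload(b"blob")
'''


def build_call_graph(modules):
    """Build {qualified_caller: set(qualified_callee)} from {module_name: source}.

    Resolution is purely syntactic: bare names resolve to functions defined in the
    same module, attribute calls on an imported module resolve to that module's
    functions. Indirect calls (callbacks, getattr, dynamic dispatch) are not seen,
    so the graph under-approximates reachability.
    """
    trees = {mod: ast.parse(src) for mod, src in modules.items()}
    defined = {f"{mod}.{node.name}" for mod, tree in trees.items()
               for node in ast.walk(tree) if isinstance(node, ast.FunctionDef)}
    graph = {}
    for mod, tree in trees.items():
        # Map local alias -> real module name for `import x` / `import x as y`.
        imported = {alias.asname or alias.name: alias.name
                    for node in ast.walk(tree) if isinstance(node, ast.Import)
                    for alias in node.names}
        for fn in ast.walk(tree):
            if not isinstance(fn, ast.FunctionDef):
                continue
            callees = graph.setdefault(f"{mod}.{fn.name}", set())
            for call in ast.walk(fn):
                if not isinstance(call, ast.Call):
                    continue
                target = call.func
                if isinstance(target, ast.Name):
                    candidate = f"{mod}.{target.id}"
                elif (isinstance(target, ast.Attribute)
                      and isinstance(target.value, ast.Name)
                      and target.value.id in imported):
                    candidate = f"{imported[target.value.id]}.{target.attr}"
                else:
                    continue
                if candidate in defined:
                    callees.add(candidate)
    return graph


def reachable_path(graph, entry, vulnerable):
    """BFS from entry; return the call path to vulnerable, or None if unreachable.

    The visited map also guards against recursion cycles in the graph.
    """
    parent = {entry: None}
    queue = deque([entry])
    while queue:
        current = queue.popleft()
        if current == vulnerable:
            path = []
            while current is not None:
                path.append(current)
                current = parent[current]
            return path[::-1]
        for nxt in graph.get(current, ()):
            if nxt not in parent:
                parent[nxt] = current
                queue.append(nxt)
    return None


def triage(app_src, vulnerable="hypolib.parse_archive", entry="app.main"):
    """Return the reaching call path for an application, or None (alert is noise)."""
    graph = build_call_graph({"hypolib": HYPOLIB_SRC, "app": app_src})
    return reachable_path(graph, entry, vulnerable)


if __name__ == "__main__":
    for label, src in (("app A", APP_A_SRC), ("app B", APP_B_SRC)):
        path = triage(src)
        print(label, "->", " -> ".join(path) if path else "vulnerable function not reachable")
```

The design choice worth noting is the direction of error: because this graph only follows direct, syntactically visible calls, a "not reachable" verdict can be wrong when the application reaches the library through callbacks, reflection or framework-driven dispatch. A result of `None` therefore lowers priority rather than proving safety, whereas a returned path is concrete evidence the alert deserves attention.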