A6:2021 | Vulnerable and Outdated Components (13) | Cycubix Docs

Summary

  • Open source consumption in modern-day applications has increased.
  • Open source is obtained from many different repositories with different quality standards.
  • Security information on vulnerabilities is scattered across many sources.
  • License information is often difficult to validate.
  • Most teams don’t have a component upgrade strategy.
  • Open source components are the new attack vector.

What to do

  • Generate an OSS Bill of Materials.
  • Baseline open source consumption in your organization.
  • Develop an open source component risk management strategy to mitigate current risk and reduce future risk.
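As an added example, not part of the lesson, the script below turns a constructed pinned-dependency list into a minimal CycloneDX-shaped bill of materials, diffs it against a baseline inventory, and flags components below a minimum accepted version; the sample requirements, the baseline and the minimum versions are all assumptions.

```python
# Added example, not from the lesson: build a minimal CycloneDX-shaped BOM
# from a pinned dependency list, diff it against a baseline inventory, and
# flag components below a minimum accepted version. All data is constructed.
import re

SAMPLE_REQUIREMENTS = """requests==2.25.1
flask==1.1.2   # trailing comment
pyyaml==5.3.1
"""
BASELINE = {"requests": "2.25.1", "flask": "1.0.4", "jinja2": "2.11.3"}  # constructed
MINIMUM_VERSIONS = {"pyyaml": "5.4", "flask": "1.1.2"}  # constructed; normally from advisories
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)\s*$")

def parse_pinned(text):
    """Return {name: version} for each 'name==version' line; comments skipped."""
    deps = {}
    for line in text.splitlines():
        m = PIN_RE.match(line.split("#", 1)[0])
        if m:
            deps[m.group(1).lower()] = m.group(2)
    return deps

def build_bom(deps, ecosystem="pypi"):
    """Minimal CycloneDX-style BOM: one component with a package URL per dep."""
    comps = [{"type": "library", "name": n, "version": v,
              "purl": f"pkg:{ecosystem}/{n}@{v}"} for n, v in sorted(deps.items())]
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": comps}

def version_key(v):
    """Numeric tuple for simple dotted versions (no pre-release handling)."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def diff_against_baseline(bom, baseline):
    """Components added, removed, or re-pinned since the baseline inventory."""
    current = {c["name"]: c["version"] for c in bom["components"]}
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "changed": sorted(n for n in current if n in baseline and current[n] != baseline[n])}

def outdated_components(bom, minimums):
    """(name, version, minimum) for each component below its accepted minimum."""
    return [(c["name"], c["version"], minimums[c["name"]]) for c in bom["components"]
            if c["name"] in minimums
            and version_key(c["version"]) < version_key(minimums[c["name"]])]

if __name__ == "__main__":
    bom = build_bom(parse_pinned(SAMPLE_REQUIREMENTS))
    print(diff_against_baseline(bom, BASELINE))
    print(outdated_components(bom, MINIMUM_VERSIONS))
```

The same BOM dictionary can be serialised with `json.dumps` and fed to any tool that consumes CycloneDX JSON.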