Cybersecurity as a Business Enabler

How Endor Labs Research Defines State of Open-Source Vulnerabilities

By Chris Hughes | March 16, 2023 | 3 Mins Read

In episode 61 of the Cybersecurity Minute, Chris Hughes takes a look at Endor Labs’ recently released list of the top 10 open-source software risks.

This episode is sponsored by Acceleration Economy’s Digital CIO Summit, taking place April 4-6. Register for the free event here. Tune in to the event to hear from CIO practitioners discuss their modernization and growth strategies.

Highlights

00:33 — Endor Labs is a software supply chain company on the Acceleration Economy Cybersecurity Top 10 Short List. Endor’s report covers the top 10 open-source software risks. Chris reminds us of the Log4j vulnerability as an example of the risks that come with open-source software.

See the Cybersecurity Top 10 shortlist

01:15 — Known vulnerabilities come first on Endor’s list. Open-source software components that have known vulnerabilities are listed in the NIST (National Institute of Standards and Technology) National Vulnerability Database. These vulnerabilities can be exploited if they are not patched properly.

01:34 — Second is the compromise of a legitimate package, as seen with SolarWinds. This happens when malicious actors take advantage of credentials for open-source software project maintainers or contributors.

02:03 — Next up is name confusion attacks. Chris explains that we’ve seen an uptick in things like typosquatting, brand jacking, and combo squatting. These attacks essentially take an open-source software component, create a malicious component, and give it a name very similar to the legitimate one.
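The name-confusion patterns described above can be screened for on the consuming side before a new dependency is admitted. The following is an added example written for this summary, not code from Endor Labs or from the episode: it compares a requested package name against a constructed allowlist of approved packages, flags near-misses (typosquatting, including transposed letters) and approved names padded with extra tokens (combo squatting). The allowlist, the distance threshold and the category labels are assumptions.

```python
"""Name-confusion screening for dependency requests (added example)."""

# Constructed allowlist of package names the organisation has already approved.
APPROVED = {"requests", "numpy", "pandas", "urllib3", "cryptography"}


def normalize(name: str) -> str:
    """Fold case and separator variants so 'Requests_Utils' and 'requests-utils' compare equal."""
    return name.lower().replace("_", "-").replace(".", "-")


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, or swap adjacent chars.

    The transposition case matters because 'reqeusts' is one swap away from 'requests'.
    """
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def screen_name(name: str, approved=APPROVED, max_distance: int = 1):
    """Classify a requested package name relative to the allowlist.

    Returns (category, closest_approved_name). Categories are this example's own
    labels: 'approved', 'typosquat-suspect', 'combosquat-suspect', 'unknown'.
    """
    n = normalize(name)
    if n in approved:
        return ("approved", n)
    # Typosquatting: within a small edit distance of an approved name.
    best = min(sorted(approved), key=lambda a: edit_distance(n, a))
    if edit_distance(n, best) <= max_distance:
        return ("typosquat-suspect", best)
    # Combo squatting: an approved name with an extra token glued on.
    for a in sorted(approved):
        if n.startswith(a + "-") or n.endswith("-" + a):
            return ("combosquat-suspect", a)
    return ("unknown", None)


if __name__ == "__main__":
    for candidate in ["requests", "reqeusts", "numpyy", "Requests_Utils", "flask"]:
        print(candidate, "->", screen_name(candidate))
```

A hit in either suspect category is a reason to hold the request for review against the registry page of the closest approved package, not a verdict on its own; a threshold of one edit keeps false positives manageable for short names, and a larger allowlist warrants a per-length threshold.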

02:27 — Number four is unmaintained software. The saying goes “software ages like milk.” Some open-source software hasn’t been updated for several years.


03:00 — Number five is outdated software. Sometimes organizations aren’t patching. They haven’t applied the latest version of components to their software.

03:28 — Number six is untracked dependencies. Organizations simply don’t know what open-source software components and dependencies they have in their environment. More organizations are trying to use tools to identify their open-source software consumption.
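The two items above that depend on inventory, known vulnerabilities (01:15) and untracked dependencies (03:28), come down to the same mechanism: enumerate what is actually installed, then match each component and version against advisory data. The following added example, written for this summary rather than taken from Endor Labs, parses a constructed pinned lockfile into an inventory and checks it against a constructed advisory table; the package names, versions and advisory identifiers (`ADV-EXAMPLE-…`) are placeholders, and the version comparison handles only dotted numeric versions.

```python
"""Dependency inventory and known-vulnerability matching (added example)."""
import re

# Constructed lockfile content; not a real project's dependencies.
LOCKFILE = """\
# constructed sample lockfile
requests==2.25.0
urllib3==1.26.4
numpy==1.24.2
leftpad-helper==0.1.0
"""

# Constructed advisory table: package -> [(advisory id, first affected, first fixed)].
# Identifiers are placeholders, not real advisories.
ADVISORIES = {
    "requests": [("ADV-EXAMPLE-0001", "2.0.0", "2.26.0")],
    "urllib3": [("ADV-EXAMPLE-0002", "1.0.0", "1.26.5")],
}

PIN_RE = re.compile(r"([A-Za-z0-9_.\-]+)==([0-9]+(?:\.[0-9]+)*)")


def parse_version(version: str) -> tuple:
    """Turn '1.26.4' into (1, 26, 4) so tuples compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def parse_lockfile(text: str) -> dict:
    """Build {package: version} from 'name==version' lines; comments and blanks are skipped.

    Unpinned or malformed lines raise, because an inventory with gaps is exactly
    the 'untracked dependency' problem this check is meant to surface.
    """
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = PIN_RE.fullmatch(line)
        if not match:
            raise ValueError(f"unparseable or unpinned line: {line!r}")
        deps[match.group(1).lower()] = match.group(2)
    return deps


def find_vulnerable(deps: dict, advisories=ADVISORIES) -> list:
    """Return (package, version, advisory id, fixed version) for every affected pin."""
    findings = []
    for name, version in deps.items():
        installed = parse_version(version)
        for adv_id, introduced, fixed in advisories.get(name, []):
            if parse_version(introduced) <= installed < parse_version(fixed):
                findings.append((name, version, adv_id, fixed))
    return findings


def inventory_report(text: str, advisories=ADVISORIES) -> dict:
    """Inventory plus vulnerability findings for one lockfile."""
    deps = parse_lockfile(text)
    return {"inventory": deps, "vulnerable": find_vulnerable(deps, advisories)}


if __name__ == "__main__":
    report = inventory_report(LOCKFILE)
    print(f"{len(report['inventory'])} components inventoried")
    for name, version, adv_id, fixed in report["vulnerable"]:
        print(f"{name}=={version} affected by {adv_id}; fixed in {fixed}")
```

In practice the advisory table would come from a feed such as the NVD or an ecosystem-specific database and the version logic from a library that understands the ecosystem's versioning rules; the shape of the check, inventory first and matching second, stays the same.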

03:56 — Next up, number seven is licensing and regulatory risk. For example, if your organization is using an open-source software component and violates the licensing by using it in one of its products, there could be legal ramifications.

04:27 — Number eight on the list is immature software, which Chris calls “the promise and the peril of open-source software.” Organizations might make use of immature software components in mature software, putting them at risk.

04:59 — Number nine is unapproved changes. Consumers might put an unapproved change into their systems, software, or products, and it has a negative impact on both security and operations in terms of reliability.

05:27 — And last on the list, number 10, is under/oversized dependencies. This is often referred to as attack surface management or code bloat. Oversized dependencies can increase your attack surface.
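One way to make the "oversized dependency" point concrete is to measure how many transitive packages each direct dependency drags in, since each of those is code that runs in your product and must be tracked and patched. The following added example (written for this summary, not code from Endor Labs) walks a constructed dependency graph and reports the footprint of each top-level dependency; the package names and edges are made up.

```python
"""Per-dependency transitive footprint (added example)."""
from collections import deque

# Constructed dependency graph: package -> its direct dependencies.
GRAPH = {
    "app": ["web-framework", "tiny-util"],
    "web-framework": ["template-engine", "http-client", "crypto-lib"],
    "http-client": ["url-parser", "crypto-lib"],
    "template-engine": ["markup-escaper"],
    "tiny-util": [],
    "crypto-lib": [],
    "url-parser": [],
    "markup-escaper": [],
}


def transitive_deps(graph: dict, root: str) -> set:
    """Every package reachable from root, excluding root itself (breadth-first, cycle-safe)."""
    seen = set()
    queue = deque(graph.get(root, []))
    while queue:
        pkg = queue.popleft()
        if pkg in seen:
            continue
        seen.add(pkg)
        queue.extend(graph.get(pkg, []))
    return seen


def dependency_footprint(graph: dict, root: str = "app") -> dict:
    """Map each direct dependency of root to the number of packages it brings in (itself included)."""
    return {dep: len(transitive_deps(graph, dep)) + 1 for dep in graph[root]}


if __name__ == "__main__":
    total = len(transitive_deps(GRAPH, "app"))
    print(f"app pulls in {total} packages in total")
    for dep, count in sorted(dependency_footprint(GRAPH).items(), key=lambda kv: -kv[1]):
        print(f"  {dep}: {count}")
```

Running this over a real lockfile-derived graph gives a quick ranking of which direct dependencies contribute most to the surface that has to be maintained, and a shared package such as `crypto-lib` above is counted once in the total even though two paths reach it.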

06:00 — All that said, there’s a lot of promise when it comes to open-source software. The majority of modern code bases are composed of open-source software components. If you’re trying to get an understanding of the risks, Endor Labs’ list is a great resource.



Chris Hughes

CISO & Co-Founder
Aquia

Areas of Expertise
  • Cybersecurity
  • LinkedIn

Chris Hughes is an Acceleration Economy Analyst focusing on Cybersecurity. Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience, ranging from active duty time with the U.S. Air Force and service as a Civil Servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP to time as a consultant in the private sector. In addition, he is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry Working Groups such as the Cloud Security Alliance’s Incident Response Working Group and serves as the Membership Chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. Chris holds various industry certifications such as the CISSP/CCSP from ISC2, as well as both the AWS and Azure security certifications. He regularly consults with IT and Cybersecurity leaders from various industries to assist their organizations with their Cloud migration journeys while keeping Security a core component of that transformation.
