Cybersecurity as a Business Enabler

How Endor Labs Research Defines State of Open-Source Vulnerabilities

By Chris Hughes | March 16, 2023 (updated March 16, 2023) | 3 min read

In episode 61 of the Cybersecurity Minute, Chris Hughes takes a look at Endor Labs’ recently released list of the top 10 open-source software risks.

This episode is sponsored by Acceleration Economy’s Digital CIO Summit, taking place April 4-6. Register for the free event here. Tune in to hear CIO practitioners discuss their modernization and growth strategies.

Highlights

00:33 — Endor Labs is a software supply chain company on the Acceleration Economy Cybersecurity Top 10 Short List. Endor’s report covers the top 10 open-source software risks. Chris reminds us of the Log4j vulnerability as an example of the risks that come with open-source software.

01:15 — Known vulnerabilities come first on Endor’s list. Open-source software components with known vulnerabilities are listed in the NIST (National Institute of Standards and Technology) National Vulnerability Database. These vulnerabilities can be exploited if the components are not patched properly.

01:34 — Second is the compromise of a legitimate package, as seen with SolarWinds. This happens when malicious actors obtain the credentials of open-source software project maintainers or contributors.

02:03 — Next up is name confusion attacks. Chris explains that we’ve seen an uptick in typosquatting, brand jacking, and combosquatting. These attacks essentially take a legitimate open-source component, create a malicious copy, and publish it under a name very similar to the legitimate one.

02:27 — Number four is unmaintained software. The saying goes “software ages like milk.” Some open-source software hasn’t been updated for several years.


03:00 — Number five is outdated software. Sometimes organizations aren’t patching. They haven’t applied the latest version of components to their software.

03:28 — Number six is untracked dependencies. Organizations simply don’t know what open-source software components and dependencies they have in their environment. More organizations are trying to use tools to identify their open-source software consumption.
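Two of the risks above, name confusion (02:03) and untracked dependencies (03:28), can be partly caught at the dependency manifest. The following is an added example, not from the episode or from Endor Labs, that audits a constructed requirements.txt against a constructed allowlist: it flags names within two edits of an approved package, approved names with a bolted-on prefix or suffix, packages that are not on the list at all, and unpinned versions.

```python
import re

# Constructed allowlist of packages the organization has approved.
APPROVED = {"requests", "urllib3", "numpy", "cryptography", "pyyaml"}

# Constructed requirements file: one typosquat, one combosquat, one unpinned line.
SAMPLE_REQUIREMENTS = """\
requests==2.28.2
reqeusts==2.28.2
numpy>=1.24
cryptography==39.0.2
requests-utils==0.1.0
"""

_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*([=<>!~]+.*)?$")


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance between a and b."""
    d = [[i if j == 0 else j for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]


def audit(requirements: str) -> dict:
    """Return {package: [finding, ...]} for each requirement line that raises a concern."""
    findings = {}
    for raw in requirements.splitlines():
        m = _LINE.match(raw)
        if not m or raw.lstrip().startswith("#"):
            continue
        name, spec, notes = m.group(1).lower(), m.group(2) or "", []
        if name not in APPROVED:
            # Typosquat candidate: within two edits of an approved name.
            close = sorted(p for p in APPROVED if 0 < edit_distance(name, p) <= 2)
            # Combosquat candidate: an approved name with a hyphenated prefix or suffix.
            combo = sorted(p for p in APPROVED if name.startswith(p + "-") or name.endswith("-" + p))
            if close:
                notes.append(f"name confusion: resembles approved {close}")
            if combo:
                notes.append(f"name confusion: extends approved {combo}")
            if not close and not combo:
                notes.append("not on approved list")
        if not spec.startswith("=="):
            notes.append("unpinned version: build is not reproducible")
        if notes:
            findings[name] = notes
    return findings
```

Run `audit(SAMPLE_REQUIREMENTS)` to see the three flagged lines; the approved, pinned entries produce no findings.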

03:56 — Next up, number seven is licensing and regulatory risk. For example, if your organization is using an open-source software component and violates the licensing by using it in one of its products, there could be legal ramifications.

04:27 — Number eight on the list is immature software, which Chris calls “the promise and the peril of open-source software.” Organizations might make use of immature software components in mature software, putting them at risk.

04:59 — Number nine is unapproved changes. Consumers might put an unapproved change into their systems, software, or products, which can harm both security and operational reliability.

05:27 — And last on the list, number 10, is under- or oversized dependencies. This is often discussed in terms of attack surface management or code bloat. Oversized dependencies can increase your attack surface.

06:00 — All that said, there’s a lot of promise when it comes to open-source software. The majority of modern code bases are composed of open-source software components. If you’re trying to get an understanding of the risks, Endor Labs’ list is a great resource.

Chris Hughes

CISO & Co-Founder
Aquia

Chris Hughes is an Acceleration Economy Analyst focusing on Cybersecurity. Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience, ranging from active duty time with the U.S. Air Force, to service as a Civil Servant with the U.S. Navy and the General Services Administration (GSA)/FedRAMP, to time as a consultant in the private sector. He is also an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and the University of Maryland Global Campus. Chris participates in industry Working Groups such as the Cloud Security Alliance's Incident Response Working Group and serves as the Membership Chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. Chris holds various industry certifications, such as the CISSP/CCSP from ISC2, as well as both the AWS and Azure security certifications. He regularly consults with IT and Cybersecurity leaders from various industries to assist their organizations with their cloud migration journeys while keeping security a core component of that transformation.
