Writing secure applications doesn’t mean simply checking the code you’ve written to make sure there are no logic errors or coding mistakes. Attackers are increasingly targeting vulnerabilities in third-party libraries as part of their attacks, so you have to check the safety of all the dependencies and components, too.

In manufacturing, companies create a bill of materials, listing in detail all the items included when building a product so that buyers know exactly what they’re buying. Processed food packaging, for example, typically tells you what’s inside so that you can make an informed buying decision.

When it comes to software, untangling the code to know what libraries are in use and which dependencies exist is hard. It’s a challenge most IT teams don’t have the time or resources to unravel.

To read this article in full or to leave a comment, please click here

Source: Security