Security : Open Source Security & Dependencies Management

Описание: Not all open source vulnerabilities are created equal. Some are accidental mistakes. Others are the result of deliberate, targeted attacks.

In this video, Darren Meyer, Lead Solutions Architect at Endor Labs, breaks down the two primary categories of security risk introduced by software dependencies: unintentional mistakes and malicious behavior. He explains how each type impacts your organization differently and what tools and strategies you need to defend against both.

🔍 What you’ll learn:
How common developer mistakes introduce vulnerabilities in libraries
What dependency subversion, confusion, and infiltration look like in real scenarios
How to detect and mitigate typo-squatting and backdoor packages
The difference between managing known CVEs and identifying hidden malicious behavior
Why runtime analysis and threat intelligence are essential in today’s threat landscape
How to prioritize patching based on actual risk to your organization

Whether you are managing open source code, reviewing third-party libraries, or building a secure SDLC, this video will help you better understand the evolving nature of supply chain threats.

00:00 Introduction to Software Dependencies and Security
00:07 Accidental Vulnerabilities in Dependencies
00:46 Deliberate Security Risks by Malicious Actors
00:52 Subversion: Unauthorized Modification of Dependencies
01:25 Dependency Confusion: Tricking Developers
02:22 Infiltration: Malicious Packages with Legitimate Facades
03:17 Responding to Mistakes in Dependencies
04:06 Responding to Malicious Actions
05:21 Conclusion: Prioritizing and Mitigating Risks

Learn more:
https://www.leanappsec.com/