Breaking Down Findings & Insights From Contrast Security's 2021 State of Open-source Security Report

Inside AppSec - A podcast by Contrast Security

Much attention has been given to the software supply chain over the past several months because of the SolarWinds hack. Open-source libraries are a critical part of the software supply chain, and they can pose serious risk if they are not monitored and managed appropriately. Legacy software composition analysis tools treat every third-party vulnerability as equally important. In reality, most third-party code is never invoked by the application in which it resides, and such code poses no risk. In this Inside AppSec Podcast, a group of experts from Contrast Security discuss findings and insights from the new 2021 State of Open-source Security Report by Contrast Labs. The discussion covers library complexities as well as five layers of open-source risk.
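To make the "never invoked" point concrete, here is an added example (not code from the podcast, the report, or Contrast's products) that triages a constructed list of library findings by whether the library is actually loaded by the running application, rather than by severity alone. The package names, advisory ids and the loaded-module snapshot are constructed; the real check would take the snapshot from `sys.modules` of the running process, and mapping distribution names to import names is assumed to be done already.

```python
"""Prioritise open-source findings by runtime reachability, not severity alone."""
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    package: str    # top-level import name of the library (assumed already mapped)
    advisory: str   # constructed placeholder id, not a real advisory
    severity: str   # CRITICAL / HIGH / MEDIUM / LOW


SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}

# Constructed findings as a legacy SCA tool would report them: four libraries
# declared as dependencies, each with one open advisory.
FINDINGS = [
    Finding("yaml", "ADV-PLACEHOLDER-1", "CRITICAL"),
    Finding("requests", "ADV-PLACEHOLDER-2", "HIGH"),
    Finding("lxml", "ADV-PLACEHOLDER-3", "MEDIUM"),
    Finding("jinja2", "ADV-PLACEHOLDER-4", "HIGH"),
]

# Constructed snapshot of sys.modules keys taken while the application served
# traffic: only two of the four vulnerable libraries were ever imported.
LOADED_MODULES_SNAPSHOT = [
    "json", "requests", "requests.adapters", "urllib3", "jinja2.environment",
]


def top_level_modules(module_names):
    """Reduce dotted module names ('requests.adapters') to packages ('requests')."""
    return {name.split(".")[0] for name in module_names}


def snapshot_loaded():
    """Live variant: top-level packages currently imported into this process."""
    return top_level_modules(sys.modules)


def triage(findings, loaded_module_names):
    """Split findings into (reachable, dormant), each sorted by severity, highest first.

    Reachable findings sit in libraries the application actually loaded and
    deserve immediate attention; dormant ones are in declared-but-unused code.
    """
    loaded = top_level_modules(loaded_module_names)
    by_severity = lambda f: SEVERITY_RANK[f.severity]
    reachable = sorted((f for f in findings if f.package in loaded), key=by_severity, reverse=True)
    dormant = sorted((f for f in findings if f.package not in loaded), key=by_severity, reverse=True)
    return reachable, dormant
```

Run against the constructed data, the CRITICAL `yaml` finding lands in the dormant list while the two HIGH findings in `requests` and `jinja2` are flagged as reachable, which is the inverse of the order a severity-only ranking would give.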