STATE OF SOFTWARE SECURITY Open Source Edition

Application security is one of the great frontiers in information security

Apart from the code that is authored by developers, virtually no modern application can avoid including open source libraries that provide functionality that would be extremely tedious to write from scratch.
Whether we’re looking at a relatively common library with a rich feature set, such as OpenSSL, or a four-line JavaScript library that provides backward compatibility (yes, we’re looking at you, isarray), all of this imported code represents functionality that your developers did not author but that becomes code you have to manage. That free puppy that you adopt still needs to be fed, walked, and taken to the vet.