Endor Labs has issued a report outlining the top 10 open source software risks of 2023.
The report, developed in collaboration with HashiCorp, Adobe, Palo Alto Networks, and others, “outlines risks introduced through the dependency on open source components throughout the software development process,” the announcement states.
Specifically, the top risks named in the report are:
- OSS-RISK-1 — Known Vulnerabilities
- OSS-RISK-2 — Compromise of Legitimate Package
- OSS-RISK-3 — Name Confusion Attacks
- OSS-RISK-4 — Unmaintained Software
- OSS-RISK-5 — Outdated Software
- OSS-RISK-6 — Untracked Dependencies
- OSS-RISK-7 — License Risk
- OSS-RISK-8 — Immature Software
- OSS-RISK-9 — Unapproved Changes (mutable)
- OSS-RISK-10 — Under/Oversized Dependency
See the full report for risk details.
Comments