Security : Open Source Security & Dependencies Management скачать в хорошем качестве

Security : Open Source Security & Dependencies Management

Not all open source vulnerabilities are created equal. Some are accidental mistakes. Others are the result of deliberate, targeted attacks. In this video, Darren Meyer, Lead Solutions Architect at Endor Labs, breaks down the two primary categories of security risk introduced by software dependencies: unintentional mistakes and malicious behavior. He explains how each type impacts your organization differently and what tools and strategies you need to defend against both. 🔍 What you’ll learn: How common developer mistakes introduce vulnerabilities in libraries What dependency subversion, confusion, and infiltration look like in real scenarios How to detect and mitigate typo-squatting and backdoor packages The difference between managing known CVEs and identifying hidden malicious behavior Why runtime analysis and threat intelligence are essential in today’s threat landscape How to prioritize patching based on actual risk to your organization Whether you are managing open source code, reviewing third-party libraries, or building a secure SDLC, this video will help you better understand the evolving nature of supply chain threats. 00:00 Introduction to Software Dependencies and Security 00:07 Accidental Vulnerabilities in Dependencies 00:46 Deliberate Security Risks by Malicious Actors 00:52 Subversion: Unauthorized Modification of Dependencies 01:25 Dependency Confusion: Tricking Developers 02:22 Infiltration: Malicious Packages with Legitimate Facades 03:17 Responding to Mistakes in Dependencies 04:06 Responding to Malicious Actions 05:21 Conclusion: Prioritizing and Mitigating Risks Learn more: https://www.leanappsec.com/