Top 10 open source software risks — and how to mitigate them

The OWASP Top 10 was initially created by Endor Labs, a software supply chain and software security firm focused on the secure consumption of OSS, CI/CD pipelines, and vulnerability management. The project also included support from industry leaders such as Palo Alto, HashiCorp, and Citibank.

While vulnerability management has traditionally looked at known vulnerabilities, usually in the form of Common Vulnerabilities and Exposures (CVE) lists, there's a growing realization that known vulnerabilities are lagging indicators of risk.

To mature the way we approach the use of open source, a paradigm shift is required to look at leading indicators of risk: metrics that may signal that there's risk associated with particular OSS libraries, components, and projects and that, when considered holistically, can help inform safer consumption of OSS and mitigate potential risks that manifest as exploits and vulnerabilities.
