Illustrating the Systemic Risk Caused by Open Source Library Use
How far-reaching is a vulnerability in one open source component? We recently took a closer look at one vulnerable component to find out. We followed the path of one component library -- Apache Commons Collection (or ACC) that contained a serious vulnerability. We traced all the other libraries ACC touched and, in turn, made vulnerable. In the end, we found its vulnerability had spread to an astounding 80,323 additional components. Attend this session to follow the path of this vulnerability and get a clear picture of exactly how and why open source libraries can pose such significant risk, and how to use and manage them in a secure way.