New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from this common practice.
Open source vulnerabilities
As just one example, the research reveals that 95% of all vulnerabilities are found in transitive dependencies – open-source code packages that developers do not select, but are indirectly pulled into projects.