Q&A: Experts Weigh in on the Hidden World of Shadow Code – Security Boulevard

Earlier this month, PerimeterX co-hosted a Tweet Chat with IT Security Guru on the topic of Shadow Code and invited a variety of industry experts including analysts, influencers and executives to weigh in on this little-known threat. The conversation lasted for an hour and delved into the issue from the perspective of DevOps, IT security, e-commerce and beyond. Participants included the following individuals:

Carlos: I think of #ShadowCode as the generally overlooked and often unknown third-party or nested service provider code that is incorporated into your e-commerce websites without the knowledge of the security team or awareness of its impacts on security, latency or compliance.

Jamie: #ShadowCode is the use of third-party scripts and libraries in a web application. 80% of code used in applications today originates outside an organization. External code, called open-source, provides accelerated value delivery; it also represents a risk to the organization.

Quentyn: #ShadowCode is code that's been cut and pasted from other third-party locations and may not have been vetted to the same degree as own written code. It doesn't mean it's inherently insecure though.

Ameet: Application development today makes extensive use of third-party scripts and open source libraries, which are great for innovation and agility, but the end result is you don't really know what code is running (Read more...)
