Earlier this month, PerimeterX co-hosted a Tweet Chat with IT Security Guru on the topic of Shadow Code and invited a variety of industry experts including analysts, influencers and executives to weigh in on this little-known threat. The conversation lasted for an hour and delved into the issue from the perspective of DevOps, IT security, e-commerce and beyond. Participants included the following individuals:<\/p>\n
Carlos: I think of #ShadowCode as the generally overlooked and often unknown third-party or nested service provider code that is incorporated into your e-commerce websites without the knowledge of the security team or awareness of its impacts on security, latency or compliance.<\/p>\n
Jamie: #ShadowCode is the use of third-party scripts and libraries in a web application. 80% of code used in applications today originates outside an organization. External code, called open-source, provides accelerated value delivery, it also represents a risk to the organization.<\/p>\n
Quentyn: #ShadowCode is code thats been cut and pasted from other third-party locations and may not have been vetted to the same degree as own written code. It doesnt mean its inherently insecure though.<\/p>\n
Ameet: Application development today makes extensive use of third-party scripts and open source libraries, which are great for innovation and agility, but the end result is you dont really know what code is running (Read more...)<\/p>\n
<\/p>\n
See the rest here:<\/p>\n