These days, there’s an app for virtually anything. Enabling the rapid development and deployment of these apps is a near-endless body of components, most of which are open source: code, scripts, artifacts and more. But while these components are driving faster development and deployment, they can also be a security nightmare for companies that fail to manage and secure them effectively—a scenario that has proven catastrophic in several high-profile incidents over the last few years.
It is estimated that 66 percent to 80 percent of the code comprising most applications today is actually pre-written components assembled by the development team, which then writes custom code to add specific functionality. These components are used and reused as needs arise. Who is responsible for managing the security of these components? And, with so many apps and so many components, is it even possible to manage their security manually?