The OWASP Top 10 was originally created by Endor Labs, a software supply chain and application security company specializing in secure OSS deployments, CI/CD pipelines, and risk management. The project also included support from industry leaders such as Palo Alto, HashiCorp, and Citibank.
While risk managers have traditionally focused on known risks, often in the form of a Common Vulnerabilities and Exposures (CVE) inventory, there is a growing recognition that known risks are lagging indicators of risk.
To mature in the way we approach the use of open source, a paradigm shift is needed toward the leading indicators of risk: metrics that may signal a risk associated with certain OSS libraries, components, and projects. Considered holistically, these indicators can help inform more secure use of OSS and reduce the potential for exploitation and vulnerability.