Matthew Rose, global director of application security strategy at Checkmarx, an application security software vendor headquartered in Israel, said there were a number of ways a malicious actor might compromise a shared third-party library.
“Typically, third-party libraries are maintained by a group of people who maintain the code base. Since these libraries have many contributors, it is sometimes difficult to have one person responsible for the entire library code base, which can potentially allow malicious code to be inserted,” Rose told SearchSecurity. “There is also the question of these libraries inheriting functionality from other code bases, so there are definite tradeoffs in terms of risk versus the utilization of existing third-party libraries.”
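The second point in the quote, that a library you pull in brings along every code base it depends on, is easy to underestimate without enumerating the dependency tree. The script below is an added example written for this page, not code from the article or from Checkmarx. It walks a constructed dependency graph (the package names are hypothetical, not real registry data) and reports what a project inherits indirectly, including packages that several of its direct dependencies all rely on, where a single malicious commit would reach every dependant at once. In practice the graph would come from a lockfile or SBOM rather than a hard-coded dict.

```python
"""Enumerate the transitive dependency closure of a project.

Added example, not code from the article or from Checkmarx. The
dependency map below is constructed for illustration and every package
name in it is hypothetical.
"""
from collections import deque

# Constructed sample graph: each package maps to the packages it declares
# as dependencies. In a real audit this would be parsed from a lockfile
# (package-lock.json, poetry.lock, go.sum, ...) or an SBOM.
DEPENDENCY_GRAPH = {
    "webapp": ["http-client", "template-engine"],
    "http-client": ["url-parser", "tls-helper"],
    "template-engine": ["string-utils"],
    "url-parser": ["string-utils"],
    "tls-helper": ["asn1-decoder", "string-utils"],
    "asn1-decoder": [],
    "string-utils": [],
}


def transitive_closure(graph, root):
    """Return {package: depth} for every package reachable from root.

    Breadth-first, so the recorded depth is the shortest path from the
    project to that package. The root itself is excluded."""
    seen = {}
    queue = deque([(root, 0)])
    while queue:
        pkg, depth = queue.popleft()
        if pkg in seen:
            continue
        seen[pkg] = depth
        for dep in graph.get(pkg, []):
            if dep not in seen:
                queue.append((dep, depth + 1))
    seen.pop(root, None)
    return seen


def trust_surface(graph, root):
    """Split what the project runs into what it chose and what it inherited.

    Returns a dict with:
      direct       - packages the project declares itself
      indirect     - packages pulled in only through other libraries
      inherited_by - for each direct dependency, the packages it brings in
    """
    closure = transitive_closure(graph, root)
    direct = set(graph.get(root, []))
    indirect = set(closure) - direct
    inherited_by = {
        dep: set(transitive_closure(graph, dep)) for dep in sorted(direct)
    }
    return {"direct": direct, "indirect": indirect, "inherited_by": inherited_by}


def shared_by_many(graph, root, threshold=2):
    """Packages that at least `threshold` direct dependencies all rely on.

    These are the highest-leverage targets in the tree: compromising one
    of them compromises every direct dependency that inherits it."""
    surface = trust_surface(graph, root)
    reached_via = {}
    for direct_dep, inherited in surface["inherited_by"].items():
        for pkg in inherited:
            reached_via.setdefault(pkg, set()).add(direct_dep)
    return {pkg: deps for pkg, deps in reached_via.items() if len(deps) >= threshold}


if __name__ == "__main__":
    surface = trust_surface(DEPENDENCY_GRAPH, "webapp")
    print(f"declared directly : {sorted(surface['direct'])}")
    print(f"inherited only    : {sorted(surface['indirect'])}")
    for dep, inherited in surface["inherited_by"].items():
        print(f"  {dep} brings in {sorted(inherited)}")
    for pkg, deps in shared_by_many(DEPENDENCY_GRAPH, "webapp").items():
        print(f"shared upstream   : {pkg} is reached via {sorted(deps)}")
```

In the constructed graph the project declares two libraries but runs six, and `string-utils` sits underneath both of them, which is the situation the quote describes: the risk decision is not about two maintainer groups but about every upstream project those two happen to trust.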