Identifying and mitigating wild risks: A continuous framework for open source component security

Suryaprakash Nalluri 1, Hemalatha Kandagiri 1 and Lakshman Narayana Vejendla 2, *

1 Computer Science, JNTU, Hyderabad.
2 Department of CSE, Vignan's Nirula Institute of Technology and Science for Women, Peda Palakaluru, Guntur, Andhra Pradesh.
 
Review Article
World Journal of Advanced Research and Reviews, 2022, 14(02), 789-797
Article DOI: 10.30574/wjarr.2022.14.2.0427
 
Publication history: 
Received on 05 April 2022; revised on 22 May 2022; accepted on 29 May 2022
 
Abstract: 
Using open-source components has become essential in today's software engineering practice, especially in the age of rapid software development. Nevertheless, this rapid integration increasingly exposes companies to a new class of risks, called wild risks, that are both unanticipated and severe. These threats originate from flaws that appear in the wild, beyond the reach of traditional threat intelligence or Common Vulnerabilities and Exposures (CVE) monitoring systems. To detect and lessen the impact of particularly dangerous open-source software (OSS) components, this research presents an adaptive and continuous architecture. The suggested system ensures that security mechanisms are proactive and adapt to new threats by using real-time threat feeds, anomaly detection algorithms, and contextual dependency analysis. Monitoring, assessment, and intervention are the three stages that make up the framework. Throughout the monitoring phase, exploit proofs-of-concept, dark web activity, code repositories, and vulnerability databases are regularly examined. At the assessment stage, a Dynamic Risk Scoring Algorithm (DRSA) is used that takes into account factors such as impact severity, system exposure, propagation speed, and exploitability. Automatic dependency patching, code verification in a sandbox, and policy-driven enforcement are all triggered during the intervention phase. By focusing on risk emergence patterns and non-CVE-based intelligence, this method allows earlier threat detection than conventional Software Composition Analysis (SCA) techniques, which depend mostly on known vulnerabilities. The model also takes into consideration the intricacies of the software supply chain and transitive dependencies, which are typically ignored by conventional frameworks. This research proposes a Dynamic Risk Scoring Algorithm for Software Composition Analysis (DRSA-SCA) for identifying and reducing wild risks in open-source environments.
By utilizing a continuous security lifecycle, this technique provides a robust approach to managing evolving open-source threats. The proposed strategy offers strong protection against the ever-changing and unexpected threat landscape created by wild OSS risks, positioning itself as an essential element of security.
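As an added illustration (not code from the paper or its authors), the four DRSA factors and the monitor/assess/intervene lifecycle described in the abstract, rendered as a small Python scoring routine over a transitive dependency graph. The weights, phase thresholds, dependency inventory and exploit-signal values are assumptions constructed for this example; the abstract does not specify them.

```python
from dataclasses import dataclass, field

# Assumed weights for the four DRSA factors named in the abstract (illustrative only).
WEIGHTS = {"impact": 0.35, "exposure": 0.25, "propagation": 0.20, "exploitability": 0.20}


@dataclass
class Component:
    name: str
    impact: float   # 0..1: consequence if this component is compromised
    signals: list   # per monitoring cycle, 0..1: strength of in-the-wild exploit
                    # evidence (PoC, repository anomaly, dark-web chatter), not CVE data
    deps: list = field(default_factory=list)  # direct dependency names


def transitive_deps(graph, root):
    """All components reachable from root, so transitive pulls are not overlooked."""
    seen, stack = set(), list(graph[root].deps)
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(graph[n].deps)
    return seen


def exposure(graph, name, apps):
    """Share of deployed applications that pull in `name`, directly or transitively."""
    return sum(1 for a in apps if name in transitive_deps(graph, a)) / len(apps)


def risk_score(graph, name, apps):
    """Weighted DRSA-style score; propagation = growth of exploit signal since last cycle."""
    c = graph[name]
    latest = c.signals[-1]
    previous = c.signals[-2] if len(c.signals) > 1 else 0.0
    factors = {"impact": c.impact, "exposure": exposure(graph, name, apps),
               "propagation": max(0.0, latest - previous), "exploitability": latest}
    return sum(WEIGHTS[k] * v for k, v in factors.items())


def decide(score):
    """Map a score to a phase (assumed cut-offs): intervene = patch/pin + sandbox check."""
    return "intervene" if score >= 0.7 else "assess" if score >= 0.4 else "monitor"


# Constructed sample inventory: three applications and three OSS libraries.
GRAPH = {c.name: c for c in [
    Component("app-a", 0.0, [0.0], ["web-lib"]), Component("app-b", 0.0, [0.0], ["parser"]),
    Component("app-c", 0.0, [0.0], ["crypto-lib"]), Component("web-lib", 0.5, [0.0, 0.0], ["parser"]),
    Component("parser", 0.9, [0.1, 0.8]),       # PoC surfaced this cycle, no CVE yet
    Component("crypto-lib", 0.8, [0.3, 0.3])]}
APPS = ["app-a", "app-b", "app-c"]


def triage(graph=GRAPH, apps=APPS):
    """Score every library component and assign it a lifecycle phase."""
    return {n: decide(risk_score(graph, n, apps)) for n in graph if n not in apps}
```

Note that `parser` reaches the intervene phase through transitive exposure and a rising in-the-wild signal alone, which a CVE-only SCA pass would not yet flag.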
 
Keywords: 
Software Development; Vulnerabilities; Open-Source Software; Dynamic Risk Scoring Algorithm; Software Composition Analysis; Security Lifecycle.
 