Use of external libraries in API security solutions

“The Cargo Cult of Cybersecurity” is a blog post by Kuppinger Cole analyst Alexei Balaganski. It explains why using external libraries carries dangers.

He writes: “While reading the documentation for a security-related product of one reputable vendor, I’ve realized that it uses an external MySQL database to store its configuration. That got me thinking: a security product is sold with a promise to add a layer of protection around an existing business application with known vulnerabilities. However, this security product itself relies on another application with known vulnerabilities (MySQL isn’t exactly known for its security) to fulfill its basic functions. Is the resulting architecture even a tiny bit more secure? Not at all – due to added complexity it’s in fact even more open to malicious attacks”. Read the full article

PS: Perhaps needless to say: Forum Sentry from Forum Systems does not use external libraries.