{"id":42627,"date":"2021-05-27T00:00:00","date_gmt":"2021-05-27T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/research\/21\/e\/best-practices-for-managing-open-source-code-risks.html"},"modified":"2021-05-27T00:00:00","modified_gmt":"2021-05-27T00:00:00","slug":"manage-open-source-code-security-risks-vp-cloud-security","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/","title":{"rendered":"Manage Open Source Code Security Risks VP, Cloud Security"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/e\/best-practices-for-managing-open-source-code-risks\/open-source.jpg\"><\/p>\n<p><a href=\"https:\/\/www.slideshare.net\/denimgroup\/create-a-unified-view-of-your-application-security-program-black-duck-hub-and-threadfix\" target=\"_blank\" rel=\"noopener\">https:\/\/www.slideshare.net\/denimgroup\/create-a-unified-view-of-your-application-security-program-black-duck-hub-and-threadfix<\/a><\/p>\n<p>Take Capital One Bank as an example of this. In the 2010s they followed the waterfall methodology. The organization operates in the heavily regulated financial industry and is currently using Open Source as a part of their day-to-day work \u2013 even having built large components of their platform on it. In 2012 they were not open-source friendly, with a \u201csay no to open source\u201d company mindset. 
Eventually, they realized they were using:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Java (open source)<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Linux (open source)<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Apache (open source)<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Eclipse (open source)<\/span><\/li>\n<\/ul>\n<p>They quickly realized they were building their environment on open source. Through a migration from commercial source code management to Subversion and their own architecture, they were able to launch their production applications (built in house) with open source code as part of the foundation. With specific processes put in place to mitigate the risks associated with open source code use, such as legal review, they were able to successfully execute without breaches or \u201csecret\u201d code releases.<\/p>\n<p>Value of open source to Capital One: \u201c<i>Using Open Source software gives us numerous advantages from a business perspective. Open Source gives us the ability to re-use what already exists and works well, with full flexibility to customize and\/or contribute back what we need for our business. It also means that we are inherently building with technology that a broader community is investing in, dramatically reducing the likelihood that we are relying on end of life tech as well as making us more permeable to the larger talent ecosystem<\/i>\u201d \u2013 John Schmidt, Product Manager, Capital One<\/p>\n<p><span class=\"body-subhead-title\">Open source isn\u2019t completely free:<\/span><\/p>\n<p>A common misconception about open source code is that it is \u201cfree\u201d. Like a free puppy, it\u2019s great to get, but then you still have to care for it and feed it. 
To benefit from open source code use, you need to get the right people and tech involved to mitigate the unique risks associated with it.<\/p>\n<p><b><span class=\"body-subhead-title\">Legal Open Source Risk:<\/span><\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Licenses: Authors of software have rights to their code.<\/span>\n<ul>\n<li><span class=\"rte-circle-bullet\">Permissive (giving credit) vs. Copyleft (distribute and show source code + share code being touched)<\/span><\/li>\n<li><span class=\"rte-circle-bullet\">Code is used as-is (no recourse to the author)<\/span><\/li>\n<li><span class=\"rte-circle-bullet\">Request changes or pull requests<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span class=\"rte-red-bullet\">Trade secret disclosure (IP infringement)<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Devaluation of patent portfolio<\/span><\/li>\n<li><span class=\"rte-red-bullet\">M&amp;A Impact<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Reputational risk<\/span><\/li>\n<\/ul>\n<p>In fact, many large companies such as <a href=\"https:\/\/www.linkedin.com\/in\/jamiespecter\/\" target=\"_blank\" rel=\"noopener\">Capital One and Facebook<\/a> have Open Source legal counsel on staff. They hold the position of \u201claw and technology counsel\u201d and advise on the above legal issues. For example, during a Merger &amp; Acquisition they will advise on any open source issues during due diligence and then, after the acquisition, work in partnership with the integration team.<\/p>\n<p><b><span class=\"body-subhead-title\">Open Source Security Risks:<\/span><\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Vulnerabilities \u2013 average of 64 vulns per code base. 1500+ days before a fix. 
Development processes are your first line of defense.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">You build it, you own it<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Software of unknown origin<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Continuous monitoring of config and environment<\/span><\/li>\n<\/ul>\n<p>To mitigate the risks, usage of Open Source repository scanning technologies is mandatory. A service that can find manifest files (identify and analyze them) and understand the direct and indirect dependencies (and flag them for known vulnerabilities) is a must. Integration with your code repository also helps identify the risks tied to your projects. Building the issue findings into your ticketing system (or creating pull requests) for remediation, at the developer level, is the next step to ensure the code has ownership and is cared for during its lifecycle. Maintenance and auditing (remediation) of this will be required because every time the same pull request happens, a scan and an updated patch request must occur there too.<\/p>\n<p>Building a culture within your organization of code ownership, maintenance, and pride in the application from release to release will take time. It is paramount to making Open Source more secure though, as the ownership and pride will help keep it secure. 
Implementing the technology checks on top will assist in keeping the teams involved and more secure, as will doing this continuously.<\/p>\n<p><span class=\"body-subhead-title\">4 best practices to mitigate open source code vulnerabilities:<\/span><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Identify: Maintain open source inventory<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Analyze: Track open source vulns and licenses<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Remediate: Fix and patch, upgrade<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Audit: Continuous monitoring<\/span><\/li>\n<\/ul>\n<p>To help prevent the costly mistakes that open source vulnerabilities and license risks can cause, SecOps teams can implement a solution like <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/hybrid-cloud\/cloud-one-open-source-security-by-snyk.html\">Trend Micro Open Source Security by Snyk<\/a>. This helps secure open source inventories throughout application development with increased visibility for earlier identification and continuous monitoring to minimize exposure over time.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/e\/best-practices-for-managing-open-source-code-risks.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Open source code is in the vast majority of commercial software today. Learn best practices to mitigate the unique risks that accompany its use. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":42628,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9520,9538,9522,9555],"class_list":["post-42627","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cloud","tag-trend-micro-research-compliancerisks","tag-trend-micro-research-expert-perspective","tag-trend-micro-research-exploitsvulnerabilities"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Manage Open Source Code Security Risks VP, Cloud Security 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Manage Open Source Code Security Risks VP, Cloud Security 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-27T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/manage-open-source-code-security-risks-vp-cloud-security.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"641\" \/>\n\t<meta property=\"og:image:height\" content=\"350\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/manage-open-source-code-security-risks-vp-cloud-security\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/manage-open-source-code-security-risks-vp-cloud-security\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Manage Open Source Code Security Risks VP, Cloud Security\",\"datePublished\":\"2021-05-27T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/manage-open-source-code-security-risks-vp-cloud-security\\\/\"},\"wordCount\":765,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/manage-open-source-code-security-risks-vp-cloud-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/manage-open-source-code-security-risks-vp-cloud-security.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cloud\",\"Trend Micro Research : Compliance&amp;Risks\",\"Trend Micro Research : Expert Perspective\",\"Trend Micro Research : Exploits&amp;Vulnerabilities\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/manage-open-source-code-security-risks-vp-cloud-security\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/manage-open-source-code-security-risks-vp-cloud-security\\\/\",\"name\":\"Manage Open Source Code Security Risks VP, Cloud Security 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/manage-open-source-code-security-risks-vp-cloud-security\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/manage-open-source-code-security-risks-vp-cloud-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/manage-open-source-code-security-risks-vp-cloud-security.jpg\",\"datePublished\":\"2021-05-27T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/manage-open-source-code-security-risks-vp-cloud-security\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/manage-open-source-code-security-risks-vp-cloud-security\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/manage-open-source-code-security-risks-vp-cloud-security\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/manage-open-source-code-security-risks-vp-cloud-security.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/manage-open-source-code-security-risks-vp-cloud-security.jpg\",\"width\":641,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/manage-open-source-code-security-risks-vp-cloud-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro 
Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Manage Open Source Code Security Risks VP, Cloud Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Manage Open Source Code Security Risks VP, Cloud Security 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/","og_locale":"en_US","og_type":"article","og_title":"Manage Open Source Code Security Risks VP, Cloud Security 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-05-27T00:00:00+00:00","og_image":[{"width":641,"height":350,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/manage-open-source-code-security-risks-vp-cloud-security.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Manage Open Source Code Security Risks VP, Cloud Security","datePublished":"2021-05-27T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/"},"wordCount":765,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/manage-open-source-code-security-risks-vp-cloud-security.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cloud","Trend Micro Research : Compliance&amp;Risks","Trend Micro Research : Expert Perspective","Trend Micro Research : Exploits&amp;Vulnerabilities"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/","url":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/","name":"Manage Open Source Code Security Risks VP, Cloud Security 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/manage-open-source-code-security-risks-vp-cloud-security.jpg","datePublished":"2021-05-27T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/manage-open-source-code-security-risks-vp-cloud-security.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/manage-open-source-code-security-risks-vp-cloud-security.jpg","width":641,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/manage-open-source-code-security-risks-vp-cloud-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Manage Open Source Code Security Risks VP, Cloud 
Security"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a86
71ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=42627"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42627\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/42628"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=42627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=42627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=42627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}