The use of open-source software is growing rapidly from day to day. Open-source software has many benefits - it is free of charge, developed and maintained by the sharpest minds, and so on.
Open-source projects also play a significant role in cloud-native applications - which brings up another risk that organizations shifting their applications to the cloud need to evaluate and address. A small mistake or a missing security check in an open-source code is more than enough to expose your cloud environment and clients to risk. In this talk, you will see common types of vulnerabilities observed in open-source cloud native projects, such as cross-site scripting, denial of service, directory traversal attacks, and more. We will also highlight another risk - undisclosed vulnerabilities - and discuss why such vulnerabilities are not always assigned a CVE, and how you can reduce the risk.