Security scanning of third-party dependencies with OWASP Dependency Check
Why should you care about security of third-party dependencies

No matter how small the application you’re developing is, at some point you’ll end up using code that has been developed by someone else, i.e. you’ll be adding third-party dependencies to your source code. Deciding on when you should create a specific functionality yourself and when you should utilize a third-party library depends on the security and privacy requirements for your application, time restrictions, maintenance cost, available resources, size of the implementation and many other factors. I will not go into detail about when you should choose what, but I would like to underline that it’s important to evaluate every case individually and perform a third-party risk assessment where possible. ...