The New Battleground is Shadow Code

Results from the 2020 survey by Osterman Research and PerimeterX on the risk of third-party scripts and open-source libraries used in modern web applications.

Shadow Code remains a blind spot for most information security teams and trust is eroding, according to a new PerimeterX/Osterman Research Report titled “Shadow Code: The Hidden Risk to Your Website.” This second annual survey uncovers the impact of third-party scripts and open-source libraries used in web applications across organizations.

Like Shadow IT, where employees use cloud services and software that is not approved, monitored or supported by Corporate IT, Shadow Code includes any code introduced into a website or web application without approval or security validation.

Findings include:

  • Only 8% of respondents reported that they have complete insight into the Shadow Code that is currently running on their websites. This is down from 10% in 2019.
  • More than 30% of respondents reported that they do not trust the providers of their third-party scripts. This mistrust in third-party providers has increased by 77% since 2019.
  • An average of 38% of respondents knew for a fact that their corporate websites had been hacked, and another 40% suspected they had been hacked.
  • Most don’t believe that their web properties are secure: only 30% of survey respondents affirm that their externally-facing web properties are completely secure from threats like Magecart attacks, down from about 40% in the 2019 survey.