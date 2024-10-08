AppSec best practices

Thirty-six percent of organizations rely on the best practices recommended by third-party organizations such as OWASP. Following established guidelines gives a baseline of security across diverse development environments. It also raises the question of how well those standards keep pace with rapidly evolving threats, including the distinct security challenges posed by AI-generated code.

For example, a common developer practice is to copy "snippets" (small extracts from larger bodies of code) of open source code into their own software. No matter how small the snippet is, users of the software must still comply with whatever license is attached to it. The problem is now exacerbated by AI coding assistants, which may produce code without any reference to its provenance. AI tools trained on public open source codebases can introduce potential IP, copyright, and license issues into the code they produce, particularly when that code ends up in proprietary software.

Even one noncompliant license in software can result in legal reviews, freezes in merger and acquisition transactions, loss of intellectual property rights, time-consuming remediation efforts, and delays in getting a product to market.

Black Duck's 2024 OSSRA report finds that over half (53%) of the applications examined contained open source with license conflicts, exposing those applications' owners to potential IP ownership questions.