Using Components with Known Vulnerabilities (OWASP A06)
Definition
This OWASP Top 10 category covers the risk of using software components (libraries, frameworks, OS packages) that have known, unpatched security vulnerabilities. Since open-source components constitute 70-90% of modern application code, a single vulnerable transitive dependency can expose an application to critical attacks.
Software composition analysis (SCA) tools and dependency management automation (Dependabot, Renovate) are the primary controls.
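The transitive-dependency risk described above, as an added example that is not part of the original page: a minimal SCA-style check in Python that walks a resolved dependency graph, compares each pinned version against advisory ranges, and reports the path that pulls in each affected package. The graph, versions and advisory ids are constructed sample data, and the function names are hypothetical.

```python
from collections import deque

# Constructed sample data: package names, versions and advisory ids are made up.
GRAPH = {                      # resolved dependency graph, as a lockfile records it
    "app": ["webframework", "reportgen"],
    "webframework": ["templating"],
    "reportgen": ["pdfkit-lite", "templating"],
    "pdfkit-lite": ["imgparse"],
    "templating": [],
    "imgparse": [],
}
VERSIONS = {"webframework": "4.2.0", "reportgen": "1.8.3", "templating": "3.1.0",
            "pdfkit-lite": "0.9.1", "imgparse": "2.0.4"}
ADVISORIES = [                 # affected range is introduced <= version < fixed
    {"id": "EXAMPLE-0001", "package": "imgparse", "introduced": "2.0.0", "fixed": "2.0.7"},
    {"id": "EXAMPLE-0002", "package": "templating", "introduced": "1.0.0", "fixed": "3.0.5"},
]

def parse(version):
    """Turn '2.0.4' into (2, 0, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))

def affected(version, advisory):
    return parse(advisory["introduced"]) <= parse(version) < parse(advisory["fixed"])

def find_vulnerable(graph, versions, advisories, root="app"):
    """Breadth-first walk from the application; returns one finding per matching
    advisory, with the shortest dependency path that pulls the package in."""
    findings, seen, queue = [], {root}, deque([[root]])
    while queue:
        path = queue.popleft()
        pkg, version = path[-1], versions.get(path[-1])
        for adv in advisories:
            if version and adv["package"] == pkg and affected(version, adv):
                findings.append({"advisory": adv["id"], "package": pkg, "version": version,
                                 "fixed_in": adv["fixed"], "path": path,
                                 "direct": len(path) == 2})
        for dep in graph.get(pkg, []):
            if dep not in seen:        # also guards against dependency cycles
                seen.add(dep)
                queue.append(path + [dep])
    return findings

if __name__ == "__main__":
    for f in find_vulnerable(GRAPH, VERSIONS, ADVISORIES):
        kind = "direct" if f["direct"] else "transitive"
        print(f'{f["advisory"]}: {f["package"]} {f["version"]} ({kind}) via '
              f'{" > ".join(f["path"])}; fixed in {f["fixed_in"]}')
```

In the sample data the only finding sits three levels below the application, while the pinned templating version is already past its advisory's fixed release and is not reported.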