Originally published at: https://www.sitepoint.com/does-your-app-include-open-source-components-5-security-tips/
A modern web application bundles a large number of open-source dependencies, and developers are usually unaware of how many packages are running under their own package's hood. If you've ever wondered why your node_modules directory is so large, that's why: every direct dependency pulls in its own transitive dependencies.
Contrary to popular belief, open-source components and dependencies are not inherently more secure than their proprietary counterparts. Sure, a fleet of volunteers maintains many repositories, and that's great. However, the mere fact that lots of people use something does not mean anyone has reviewed it for security.
Add to this the problem of obsolete and abandoned packages: still popular amongst developers, but no longer maintained by anyone, so a vulnerability reported against them never gets a fix. In other cases the package is maintained but the application's developers never prioritize pulling in the security updates. Either way, keeping an organization's applications patched and monitored on a daily basis is now a basic requirement for staying in business, not an optional extra.
As you might already know, layered security is essential. No single control or product withstands every attack, so a failure in one layer should be caught by the next. The practices below are individual layers; once an organization follows them together, it has a robust strategy for a defensible environment around its business-critical applications.
Package Your Components in a Container
The first step in securing your applications is to run them inside a container such as Docker. A container does not make the code inside it secure, but the kernel isolation it provides (namespaces, cgroups and, by default in Docker, a reduced capability set and a seccomp profile) limits what a compromised open-source dependency or API client can reach. The protection is only as strong as the configuration, though: a container that runs as root, with a writable filesystem and the full host network, inherits very little of that isolation. Running your app inside a properly configured container limits the damage your dependencies can do; it does not remove the vulnerability.
To put it simply, a container is a blast-radius boundary. It isolates an application's processes, filesystem and network from the host computer as well as from other containers, so a vulnerability in one of your dependencies, or outright malicious behaviour from a compromised package, is confined to that container rather than given free run of the host.
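As an added example, not code from the original article, here is a Dockerfile for a Node.js app in the loose form many projects ship with, followed by a hardened form. It assumes a `server.js` entrypoint listening on port 3000, a committed `package-lock.json`, and the unprivileged `node` user that the official `node` images provide; the file and port names are placeholders.

```dockerfile
# ---- Dockerfile (before): runs as root, ships the dev toolchain and the
# whole working tree, and any dependency can write anywhere in the image ----
FROM node:20
WORKDIR /app
COPY . .
RUN npm install
CMD ["node", "server.js"]

# ---- Dockerfile (after): hardened multi-stage build ----
# Build stage: install from the lockfile only, production deps only, and fail
# the build if a known high-severity advisory affects what we would ship.
FROM node:20-alpine AS build
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci --omit=dev \
 && npm audit --omit=dev --audit-level=high
COPY . .

# Runtime stage: minimal base image, no npm/build tooling needed at runtime,
# files owned by and process run as the unprivileged `node` user (assumed to
# exist in the official image), nothing in the image is writable by the app.
FROM node:20-alpine
ENV NODE_ENV=production
WORKDIR /app
COPY --from=build --chown=node:node /app /app
USER node
EXPOSE 3000
CMD ["node", "server.js"]
```

Build the hardened image with `docker build -t myapp .` and run it with the host-side limits that the image cannot set for itself: `docker run --read-only --tmpfs /tmp --cap-drop=ALL --security-opt=no-new-privileges --pids-limit=200 -p 3000:3000 myapp`. `--read-only` makes the container filesystem immutable (so a compromised package cannot drop files or patch the app), `--cap-drop=ALL` removes the capabilities Docker leaves on by default, `--security-opt=no-new-privileges` stops setuid binaries from escalating, and the PID limit contains fork bombs. If the app genuinely needs to write somewhere, mount just that path as a volume rather than dropping `--read-only`.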