OWASP Top 10 Vulnerabilities: #9 Using Components with Known Vulnerabilities

This 6-minute video by IBM’s ethical hacking team outlines how some reusable, open-source software (also known as 3rd-party components) contains vulnerabilities. Twenty-year-old code may have vulnerabilities that no one is updating or addressing. In 2014, Heartbleed and Shellshock left users of this 3rd-party open-source code at risk without a direct way to produce a patch or mitigate the risk short of removing the software from their environments. The video outlines these considerations by showing how the vulnerabilities were exploited in those two examples.

