{"type":"video","version":"1.0","html":"<iframe src=\"https://www.loom.com/embed/e50b476aca0b4574b4200664c28cf998\" frameborder=\"0\" width=\"1910\" height=\"1432\" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>","height":1432,"width":1910,"provider_name":"Loom","provider_url":"https://www.loom.com","thumbnail_height":1432,"thumbnail_width":1910,"thumbnail_url":"https://cdn.loom.com/sessions/thumbnails/e50b476aca0b4574b4200664c28cf998-255a9640812eb736.gif","duration":125.945,"title":"Uncovering Vulnerabilities in Internal Libraries with Hopper 🔍","description":"In this video, I want to highlight one of Hopper's unique capabilities related to our internally developed libraries stored in systems like Sonatype Nexus or JFrog Artifactory. Hopper not only identifies our most vulnerable assets but also shows which internal libraries are proliferating recently, cross-referencing this with reachability and EPSS data for prioritization. I demonstrated how a Java library we maintain is linked to a critical vulnerability, emphasizing that over 50% of vulnerabilities can originate from internal libraries, often creating blind spots. I encourage you to take a deeper look into your internal libraries, such as com.acme.login and crypto, to mitigate these risks effectively. Thank you for your attention!"}