Taylor Gulley, Senior Application Security Consultant at nVisium, a Falls Church, Va.-based application security provider, explains, “There are countless risks that Shadow Code poses to organizations, one being the potential for a full compromise of the application and the data within that application. In addition to technical risks, the reputational risks could be catastrophic if a vulnerability is introduced to your application due to an unvetted, third-party library. Regarding privacy, would you let just anyone walk into your workplace? By not properly auditing the code added to your application, you’re relying on the maintainers of that code to perform security checks on your behalf. This lack of control greatly increases your attack.”