Potential Security Risks of integrating software add-in requests;

0 Votes

Potential Security Risks of integrating software add-in requests;

I test add-ins/Add-ons, just about any extra component which is usually free, but may have security issues on the network.
In the Add-in committee I work with, the chair-person has asked if I would look around for information under the rubric of:

"I am looking for respected documentations and views that support the belief that software add-ins can pose a threat to a network infrastructure when not properly scrutinized and analyzed, especially when the add-in which one believes he or she is installing turns out be imbedded[embedded] with malicious code."

Anyway, its not as easy as it seems since while the point is a given in most cases, trying to get documents to support this contention to management, is harder; can you help with any references? I am in a State govt IT dept, and so the budget is zip. And thus far, I just wish I had a Lexis Nexis account, and people have agreed.
Anyway, if you have any good IEEE or similar sort of articles ( well argued with references) I would appreciate it.