How to integrate SBOMs into the software development life cycle

The widespread availability of third-party and open source software has significantly accelerated modern software development. These technologies also pose a risk, because the external code used by a company has not gone through vital security review processes. A software bill of materials (SBOM) can help provide governance over these external ...

Introducing Our 8th Annual State of the Software Supply Chain Report

The software supply chain has definitely been in all corners of the news this year, including finance, government, and technology. Although the focus is on security concerns, better supply chain management has benefits beyond preventing downtime and data breaches ...

Despite What Some Vendors Say, Please Don’t Ignore Log4j

Mirroring the explosive growth of open source software, analysis around open source vulnerabilities continues to dominate headlines. However, in an alarming trend, many security vendors have begun citing stats that downplay risk to amplify their services, like the recent statistic that “96% of Log4j in use…was not vulnerable to the ...

What is Code Quality? 5 Software Development Checks You Should be Automating

Product development is a delicate balancing act of delivering new features and investing in architecture and technology, all while trying to focus on building the right product. Have you ever experienced one of these scenarios? ...

Prioritizing Open Source Vulnerabilities: Is Reachability Useful?

Effective vulnerability management is a major task for development teams, and knowing what problems to prioritize can save unnecessary re-work. In the Software Composition Analysis (SCA) community, a hotly debated approach to prioritization is vulnerability reachability, also known as “call flow.” Today, we take a look at why vendors argue for ...