Infosecurity-magazine.com

The Problem of Buggy Software Components

What do Heartbleed, Shellshock and Poodle all have in common? Well, apart from being software vulnerabilities discovered in 2014, they were all found in pre-built software components, used by ...
Dark Reading

Hundreds of Open Source Components Could Undermine Security, Census Finds

The Linux Foundation and Harvard's Lab for Innovation Science this week released the rankings of the top 500 open source projects in two major ecosystems in the first step toward cataloging the ...
Redmond Magazine

Microsoft Adds Vulnerable Components Preview to Defender Vulnerability Management

Microsoft this week announced a preview of a new Vulnerable Components Inventory feature in its Microsoft Defender Vulnerability Management service. The Vulnerable Components Inventory shows ...
Electronic Design

11 Myths About Software Bill of Materials

SBOMs provide visibility into software supply chain risks and vulnerabilities SBOMs can be generated automatically, including for C/C++ SBOMs are useful for both compliance and security SBOMs improve ...
Forbes

The Hidden Risk Lurking In The Software Supply Chain: Transitive Open-Source Dependencies

Varun Badhwar is CEO & Co-Founder at Endor Labs. Previously, he built Prisma Cloud for Palo Alto Networks following the RedLock acquisition. Packages arriving late, stores out of stock or overstocked, ...
CSOonline

Software composition analysis explained, and how it identifies open-source software risks

Software composition analysis (SCA) refers to obtaining insight into what open-source components and dependencies are being used in your application, and how—all in an automated fashion. This process ...