PC World

Software applications have on average 24 vulnerabilities inherited from buggy components

Many commercial software companies and enterprise in-house developers are churning out applications that are insecure by design due to the rapid and often uncontrolled use of open-source components.
Dark Reading

Dependency Problems Increase for Open Source Components

The average software application depends on more than 500 open source libraries and components, up 77% from 298 dependencies in two years, highlighting the difficulty of tracking the vulnerabilities ...
CSOonline

Software composition analysis explained, and how it identifies open-source software risks

Software composition analysis (SCA) refers to obtaining insight into what open-source components and dependencies are being used in your application, and how—all in an automated fashion. This process ...
CSOonline

The state of application security: What the statistics tell us

Companies are moving toward a DevSecOps approach to application development, but problems remain with security testing ownership and open-source code vulnerabilities. Credit: kristina flour; modified ...
Dark Reading

Hundreds of Open Source Components Could Undermine Security, Census Finds

The Linux Foundation and Harvard's Lab for Innovation Science this week released the rankings of the top 500 open source projects in two major ecosystems in the first step toward cataloging the ...
Embedded

10 Questions to ask before buying a software composition analysis tool

Most modern software applications are built using third-party and open-source components that are stitched together with original code to achieve the desired capabilities. Third party software, which ...