In the wake of the hack involving SolarWinds, the Biden administration took proactive steps to bring more transparency to the software supply chain, requiring a software bill of materials (SBOM) from vendors working with the federal government. While there's nothing particularly technical about an SBOM (it's essentially a text file listing all of the components, libraries and modules for a given piece of software), it's not comprehensive unless it contains all of the code running in production, including third-party code.

An estimated 40% to 80% of the lines of code in new software projects come from third parties such as libraries, components and SDKs. Much of that code can come from undermanaged and understaffed open-source projects, or from suppliers that don't provide adequate transparency about the origin of the source code they use. Vulnerabilities within these third-party sources, whether commercial or open source, present a growing risk to all enterprises and need addressing in production. Failing to detect and patch them can expose organizations to significant impact and cost, including financial penalties (potentially running into the hundreds of millions of dollars), compromised customer data, lower market capitalization and the firing of senior executives.