Real-world supply chains can involve planes, ocean freighters, trains, trucks, and even bike couriers. So it’s no surprise that software supply chains also involve a wide variety of complementary production, distribution, and deployment channels.
One of the challenges with securing software supply chains is that solutions must be combined to cover every conduit that feeds the chain. Patching the libraries your software engineers copied into the final build is insufficient: you must also consider your base images, the packages and platforms pulled in by provisioning scripts, and possibly even plugins deployed by admins after deployment!
Unfortunately, these disparate channels often have different weaknesses and vulnerabilities and require different security approaches.
Watch this webinar with our special guest speaker, open-source software ecosystem expert John Speed Meyers, and vulnerability scanner implementer Julius Musseau, as they discuss the important perspectives on software supply chains.
What they will go through:
- An understanding of today's sophisticated, multi-channel software supply chains
- The risks involved and how to manage them
- Software supply chain security best practices
Take a look at the big picture and discuss specific techniques tailored to better protect some of these critical pieces.
Open Source Research
A lot of people will claim that open source is everywhere, but how much open source software is actually out there? In this paper, we propose a methodology and an associated tool that analyze Java binaries and determine what proportion of them is open source. Our results show that around 80 to 90% of the software analyzed consists of open source.