 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Almost half of those surveyed last year by Synopsys believes media coverage has previously caused their organization to place more stringent controls on the use of open source. That was before the SolarWinds attack, so we already expected to see increased adoption. Now, the trend towards software composition analysis (SCA) may be about to accelerate.
The U.S. government is considering issuing an executive order that would require vendors to provide a software bill of materials (SBOMs). This would effectively boost existing industry-specific and cross-industry efforts to standardize the ways we track software dependencies and other metadata. SPDX, SWID and CycloneDX are the most common standards in use so far.
SCA tools often create their own SBOM after scanning the components in an application. That is important but more relevant is what can be done with this inventory. Right now, most organizations have to update old versions manually or mitigate security issues on a case-by-case basis. The future of the market is not being able to create lists but instead being able to automate actions based on those lists.
Source: Synopsys “DevSecOps Practices and Open Source Management“. Note that the report’s sample was heavily tilted towards East Asian respondents from smaller-sized organizations.
