Forbes

The Hidden Risk Lurking In The Software Supply Chain: Transitive Open-Source Dependencies

Varun Badhwar is CEO & Co-Founder at Endor Labs. Previously, he built Prisma Cloud for Palo Alto Networks following the RedLock acquisition. Packages arriving late, stores out of stock or overstocked, ...
TechRepublic

Open source code for commercial software applications is ubiquitous, but so is the risk

Open source code for commercial software applications is ubiquitous, but so is the risk Your email has been sent It was almost exactly one year ago that experts found ...
Infosecurity-magazine.com

Transitive Dependencies Account for 95% of Bugs

Nearly all (95%) open source vulnerabilities are found in transitive or indirect dependencies, according to a new report from Endor Labs that highlights the challenges of remediation in these ...
Bleeping Computer

Google releases dev tool to list vulnerabilities in project dependencies

Google has launched OSV Scanner, a new tool that allows developers to scan for vulnerabilities in open-source software dependencies used in their project. The scanner draws data from OSV.dev, the ...
ZDNet

Log4j flaw hunt shows how complicated the software supply chain really is

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The challenge ...