Applying the 2022 OSSRA Findings to Software Supply Chain Risk Management
According to the 2022 Open Source Security and Risk Analysis (OSSRA) report, the overwhelming majority of software development organizations leverage open source to build their applications. However, the scale of that use creates a growing management challenge. While development and risk management teams scramble to patch vulnerabilities, decipher the complex license terms governing the obligations that come with each open source component, and stay up to date with component versions, another consideration demands attention: How does this open source risk affect my software supply chain?