IDG Contributor Network: Autonomy and the death of CVEs?

How many potholes did you encounter on your way into work today?  And how many of them did you report to the city?

Vulnerability reporting works much the same way. Developers find bugs – and vulnerabilities – and don’t always report them. That’s because diagnosing and reporting each one is a manual process. And that manual process might be holding automated tools back.

Software is assembled


Software is assembled from pieces, not written from scratch. And when you build and deploy an app, you also inherit the risk of each of those pieces. For example, a 2019 Synopsys report states that 96% of the code bases [caution: email wall] they scanned included open source software, and up to 60% contained a known vulnerability.
