Software Composition Analysis: Developers’ Security Silver Bullet

Security experts are always looking for a silver bullet, and new products promise to resolve all your issues; typically, they overpromise to expand market share. Most of the attacks we see these days succeed not because the attacker is a genius, but because the company did not follow the simplest defensive practices. Keeping patches up to date and enforcing strong password policies still matter. One of these often overlooked practices is software composition analysis (SCA). Let's look at how SCA works and why it's so important.


When you build any piece of modern software, there are a lot of components that aren’t completely yours. They might belong to an application programming interface hosted in the cloud from a third-party service. Or, they might come from an open-source library or a commercial library. SCA is key in these cases.


Don’t Neglect Software Composition Analysis


All of us talk about developing software, but we really write only 10% or 20% of it. The rest is mostly imports, references and other modules we have pulled in, all of which is third-party code. That fact is generally the major factor in attacks, and in risk more broadly.


Most modern languages provide a package or module system. Major programming languages such as PHP and Python also provide tooling to manage modules and build software. As a result, you may end up using at-risk modules, outdated modules, abandoned modules, or all three. Software composition analysis lets you detect exposed and obsolete third-party libraries.


If you are using any commercial or open-source library, you must check for known vulnerabilities in your components. If you find an at-risk version, you should change or update it to the fixed version.
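The core of that check, as an added illustration that is not code from the original article: parse a pinned dependency list, compare each pinned version against the lowest fixed version in an advisory list, and report anything older than the fix. The package names, versions and advisories below are constructed for the example, not real vulnerability data.

```python
import re

# Constructed advisory data for illustration only (not a real vulnerability feed).
# Maps an affected package to the lowest version that carries the fix;
# any pinned version below that value is considered at risk.
ADVISORIES = {
    "examplelib": "2.4.1",
    "netparser": "0.9.0",
}

# Constructed requirements.txt content. 'somehttp' is unpinned on purpose to
# show that SCA cannot assess a dependency whose version is not fixed.
REQUIREMENTS = """\
# sample pinned dependencies
examplelib==2.3.0
netparser==1.1.2
somehttp
"""

PIN_RE = re.compile(r"^([A-Za-z0-9_.\-]+)==([0-9]+(?:\.[0-9]+)*)$")


def parse_version(v):
    """Turn '2.4.1' into (2, 4, 1) so tuples compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def parse_requirements(text):
    """Return (pinned, unpinned): a dict name->version and a list of names without a pin."""
    pinned, unpinned = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = PIN_RE.match(line)
        if match:
            pinned[match.group(1).lower()] = match.group(2)
        else:
            unpinned.append(line.lower())
    return pinned, unpinned


def find_at_risk(pinned, advisories):
    """List (name, pinned_version, fixed_version) for every dependency below its fix."""
    findings = []
    for name, version in pinned.items():
        fixed = advisories.get(name)
        if fixed and parse_version(version) < parse_version(fixed):
            findings.append((name, version, fixed))
    return findings


if __name__ == "__main__":
    deps, loose = parse_requirements(REQUIREMENTS)
    for name, current, fixed in find_at_risk(deps, ADVISORIES):
        print(f"{name} {current} is at risk; update to {fixed} or later")
    for name in loose:
        print(f"{name} is unpinned; pin it so its version can be checked")
```

Real SCA tools do the same comparison against a maintained advisory database and understand richer version-range syntax; the unpinned case is the one they flag as unanalysable.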


At present, there are lots of components in ..