A6:2021 | Vulnerable and Outdated Components (13) | Cycubix Docs

Summary

  • Open source consumption in modern-day applications has increased.

  • Open source is obtained from many different repositories with different quality standards.

  • Security information on vulnerabilities is scattered everywhere.

  • License information is often difficult to validate.

  • Most teams don’t have a component upgrade strategy.

  • Open source components are the new attack vector.

What to do

  • Generate an OSS Bill of Materials.

  • Baseline open source consumption in your organization.

  • Develop an open source component risk management strategy to mitigate current risk and reduce future risk.
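As an added illustration of the first two points (generating an OSS Bill of Materials and baselining what is consumed), the script below parses a pinned requirements file, emits a minimal CycloneDX-shaped SBOM with a package URL per component, and flags components that lag behind a known current version. This is example code written for this page, not part of WebGoat or Cycubix; the requirements text and the "current version" table are constructed samples, and in practice the version data would come from a package index or vulnerability feed.

```python
"""Build a minimal CycloneDX-style SBOM from a pinned requirements file and
flag components that are behind a known current version.
Added example for this page; not WebGoat/Cycubix code."""
import json
import re

# Constructed sample input: a pinned requirements.txt as a team might commit it.
SAMPLE_REQUIREMENTS = """\
# web stack
flask==1.1.2
jinja2==2.11.3   # pulled in by flask
requests==2.25.1
pyyaml==5.4.1
"""

# Constructed "current version" table (illustrative values only). A real
# baseline would be fed from the package index or a vulnerability feed.
CURRENT_VERSIONS = {
    "flask": "2.3.3",
    "jinja2": "3.1.2",
    "requests": "2.31.0",
    "pyyaml": "6.0.1",
}

# Matches "name==version" pins; other specifiers (>=, ~=) are deliberately
# not treated as a reproducible pin and are skipped.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-]*)")


def parse_requirements(text):
    """Return (name, version) pairs for every pinned line, ignoring comments."""
    components = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = PIN_RE.match(line)
        if m:
            components.append((m.group(1).lower(), m.group(2)))
    return components


def build_sbom(components, ecosystem="pypi"):
    """Emit a CycloneDX-shaped dict with a package URL (purl) per component."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "components": [
            {
                "type": "library",
                "name": name,
                "version": version,
                "purl": f"pkg:{ecosystem}/{name}@{version}",
            }
            for name, version in components
        ],
    }


def version_key(v):
    """Split '2.11.3' into a comparable tuple; non-numeric parts sort low."""
    parts = []
    for p in re.split(r"[.\-]", v):
        parts.append((1, int(p)) if p.isdigit() else (0, p))
    return tuple(parts)


def find_outdated(components, current=CURRENT_VERSIONS):
    """List (name, pinned, current) for components behind the known version."""
    out = []
    for name, pinned in components:
        latest = current.get(name)
        if latest and version_key(pinned) < version_key(latest):
            out.append((name, pinned, latest))
    return out


if __name__ == "__main__":
    comps = parse_requirements(SAMPLE_REQUIREMENTS)
    print(json.dumps(build_sbom(comps), indent=2))
    for name, pinned, latest in find_outdated(comps):
        print(f"{name}: pinned {pinned}, current {latest}")
```

The SBOM output is the inventory; the outdated list is the starting point for the upgrade strategy the page calls for. Running the same script across every repository gives an organization-wide baseline of which components, at which versions, are actually in use.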
