Volume 310, Issue 2 · IT News · Security

The State Of Open Source Cloud-Native Security

Security Boulevard, Friday, January 12th, 2024

In recent years, there's been a significant emphasis on securing the software supply chain. Especially concerning is the growing number of risks inherent within open source software distributions.

This has ignited much development around cloud-native open source security in the form of software bills of materials (SBOMs), projects intended to verify the provenance of OSS packages and more.

Many organizations pull in large open source packages but use only a tiny sliver of their features, opening up an unnecessary attack surface. OSS is still prone to typosquatting and new zero-day exploits, and flaws like the one in Log4j are still unpatched in a high percentage of deployments.
