
Volume 318, Issue 4 · IT News · Developer

Why SBOMs Are Not Enough To Manage Modern Software Risks

SC Media, Wednesday, September 25th, 2024

We often hear the phrase 'the world runs on open source.' And while it's true that a lot of the world's software runs on open source, many enterprises don't.

The vast majority of enterprises run on commercial software, and for good reason: Companies want an organization that stands behind their ERP and other mission-critical software, one that will support, extend, and patch it.

But how do organizations gain assurance that it's truly safe and secure? They can't always do it.

The SolarWinds, 3CX, CircleCI, Kaseya, and Ivanti security breaches contradict the notion that open source software rules. Even if we go back to one of the original breaches that put software supply chain security on our radar, such as NotPetya, that breach involved Ukrainian tax software called MeDoc, which was commercial software.
