In the last year and a half, one cybersecurity mess after another — the SolarWinds software supply chain attack, the log4j vulnerability, the npm bad code injection — has made it clear that we must clean up our software supply chain. That’s impossible to do with proprietary software, since its creators won’t let you know what’s inside a program. But with open-source programs, it can be done.
Here’s the progress we’ve made so far, according to the Linux Foundation in its new report, The State of Software Bill of Materials and Cybersecurity Readiness.