Dark Reading

Dependency Problems Increase for Open Source Components

The average software application depends on more than 500 open source libraries and components, up 77% from 298 dependencies in two years, highlighting the difficulty of tracking the vulnerabilities ...
CSOonline

Software composition analysis explained, and how it identifies open-source software risks

Software composition analysis (SCA) refers to obtaining insight into what open-source components and dependencies are being used in your application, and how—all in an automated fashion. This process ...