
What’s in your code? Why you need a software bill of materials

Discussion in 'CSO' started by RSS, Sep 26, 2016.


    Writing secure applications doesn't mean simply checking the code you've written to make sure there are no logic errors or coding mistakes. Attackers are increasingly targeting vulnerabilities in third-party libraries as part of their attacks, so you have to check the safety of all the dependencies and components, too.

    In manufacturing, companies create a bill of materials, listing in detail all the items included when building a product so that buyers know exactly what they're buying. Processed food packaging, for example, typically tells you what's inside so that you can make an informed buying decision.


    When it comes to software, untangling the code to know what libraries are in use and which dependencies exist is hard. It's a challenge most IT teams don't have the time or resources to unravel.
