Exposing Software Supply Chain Security Blind Spots

Presented by

Michael Sampson, Senior Analyst, Osterman Research; Vince Arneja, Chief Product Officer, GrammaTech

About this talk

Research highlights hidden vulnerabilities in commonly used commercial off-the-shelf software applications.

Commercial off-the-shelf (COTS) software makes prevalent use of third-party and open-source components, creating a software supply chain security blind spot. The findings in a recent Osterman Research report reveal a serious weakness in the software supply chain of many widely used COTS software applications. This webinar will share the results of the research report and discuss how organizations can take a more proactive approach to ensuring a stronger enterprise-wide cybersecurity posture.

In this webinar, you will learn:

• Why vulnerabilities in COTS software applications are a cybersecurity threat
• 100% of all analyzed applications with open-source components in five common software categories (web browsers, email, file sharing, online meetings and messaging) contained vulnerable open-source components
• Applications in the meeting and email client categories were the most vulnerable
• Critical vulnerabilities (CVSS 10.0) were found in 85% of these applications
• New ways of analyzing COTS software applications to better reduce your attack surface and potential for compromise
CodeSecure is a global provider of application security testing solutions including static analysis (SAST) and software composition (SCA) products. Our products, CodeSonar and CodeSentry, help organizations develop and release higher quality and more secure software – free of harmful defects and exploitable weaknesses that cause system failures, enable data breaches, and increase corporate liability.