On Demand Discussion with Osterman Research: Exposing Software Supply Chain Security Blind Spots

The findings in a recent Osterman Research report reveal a serious weakness in the software supply chain of many widely used COTS software applications. This discussion shares the results of the report and covers how organizations can take a more proactive approach to building a stronger enterprise-wide cybersecurity posture.

In this discussion, you will learn:
• Why vulnerabilities in COTS software applications are a cybersecurity threat
• 100% of all analyzed applications with open-source components in five common software categories (web browsers, email, file sharing, online meetings and messaging) contained vulnerable open-source components
• Applications in the meeting and email client categories were the most vulnerable
• Critical vulnerabilities (CVSS 10.0) were found in 85% of these applications
• New ways of analyzing COTS software applications to better reduce your attack surface and potential for compromise



Want to Generate an SBOM Today?

With CodeSentry from GrammaTech, there is no need to wait for your software vendor to provide you with an SBOM. By analyzing binaries of commercial off-the-shelf (COTS) software, CodeSentry automates the SBOM process—producing a report identifying the open source components and detecting vulnerabilities in the software. Try CodeSentry today.
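Whatever tool produces the SBOM, the defensive value comes from the step that follows: matching each listed component and version against an advisory feed and rating the hits by CVSS, which is how figures like "critical (CVSS 10.0) in 85% of applications" are derived. The example below is added here to illustrate that step; it is not CodeSentry's output or code. The SBOM is a constructed CycloneDX-style document, the advisory feed is constructed with placeholder IDs (not real CVEs), and the component names, versions, affected ranges and scores are all assumptions chosen for the example.

```python
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX-style SBOM for a hypothetical COTS application.
# Component names and versions are illustrative, not a real product's contents.
SAMPLE_SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "libpng",  "version": "1.6.36"},
    {"type": "library", "name": "zlib",    "version": "1.2.11"},
    {"type": "library", "name": "openssl", "version": "1.1.1k"},
    {"type": "library", "name": "libxml2", "version": "2.9.10"}
  ]
}
"""

# Constructed advisory feed. The IDs are placeholders (not CVEs) and the
# affected ranges and CVSS scores are invented for the example.
# "introduced" is inclusive, "fixed" is exclusive.
SAMPLE_ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "component": "libpng",
     "introduced": "1.6.0", "fixed": "1.6.37", "cvss": 10.0},
    {"id": "ADV-EXAMPLE-0002", "component": "openssl",
     "introduced": "1.1.1", "fixed": "1.1.1l", "cvss": 7.5},
    {"id": "ADV-EXAMPLE-0003", "component": "zlib",
     "introduced": "1.2.0", "fixed": "1.2.11", "cvss": 9.8},
    {"id": "ADV-EXAMPLE-0004", "component": "libxml2",
     "introduced": "2.9.0", "fixed": "2.9.11", "cvss": 10.0},
]


def parse_version(version: str) -> Tuple[Tuple[int, str], ...]:
    """Split a dotted version into comparable (number, suffix) pairs.

    Handles OpenSSL-style letter suffixes, e.g. "1.1.1k" -> ((1,''),(1,''),(1,'k')),
    so that 1.1.1 < 1.1.1k < 1.1.1l under plain tuple comparison.
    """
    parts = []
    for piece in version.split("."):
        i = 0
        while i < len(piece) and piece[i].isdigit():
            i += 1
        number = int(piece[:i]) if i else 0
        parts.append((number, piece[i:]))
    return tuple(parts)


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def severity(cvss: float) -> str:
    """CVSS v3.x qualitative rating scale."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss > 0.0:
        return "low"
    return "none"


def find_vulnerable_components(sbom_json: str, advisories: List[Dict]) -> List[Dict]:
    """Match every SBOM component against the advisory feed by name and version range."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        for adv in advisories:
            if adv["component"] != comp["name"]:
                continue
            if is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                findings.append({
                    "component": comp["name"],
                    "version": comp["version"],
                    "advisory": adv["id"],
                    "cvss": adv["cvss"],
                    "severity": severity(adv["cvss"]),
                    "fixed_in": adv["fixed"],
                })
    return findings


def summarize(sbom_json: str, advisories: List[Dict]) -> Dict:
    """Roll findings up into the kind of per-application numbers a report cites."""
    total = len(json.loads(sbom_json).get("components", []))
    findings = find_vulnerable_components(sbom_json, advisories)
    return {
        "components_total": total,
        "components_vulnerable": len({f["component"] for f in findings}),
        "findings": len(findings),
        "critical_findings": sum(1 for f in findings if f["severity"] == "critical"),
        "max_cvss": max((f["cvss"] for f in findings), default=0.0),
    }


if __name__ == "__main__":
    for f in find_vulnerable_components(SAMPLE_SBOM_JSON, SAMPLE_ADVISORIES):
        print(f"{f['severity']:8} {f['component']} {f['version']} "
              f"({f['advisory']}, CVSS {f['cvss']}, fixed in {f['fixed_in']})")
    print(summarize(SAMPLE_SBOM_JSON, SAMPLE_ADVISORIES))
```

The version comparison is deliberately simple; real feeds need ecosystem-specific rules (semver pre-release tags, distro backports that fix a flaw without bumping the upstream version), and the zlib entry shows why the exclusive `fixed` bound matters: the SBOM lists exactly the fixed release, so it correctly produces no finding.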


