Why Source Composition Analysis (SCA) Isn't Just About Security? | Podcast Shorts
AppSecEngineer
Source Composition Analysis is one of the most effective ways to root out security vulnerabilities in applications that use open source components. However, a side effect of using open source is that it results in a whole host of software components that may go undocumented. If left that way, these open source components can become very hard to detect, and can pose a serious security risk.
In this excerpt of the AppSecEngineer Podcast, our guest Steve Springett talks about his approach to inventory and the Software Bill of Materials (SBOM). According to Steve, it's far more effective for both security and your SBOM to inventory your open source components before analysing for security vulnerabilities.
#SourceCompositionAnalysis #DevOps #AppSecEngineer
Learn more about Application Security and DevSecOps at https://appsecengineer.com/
Explore the course plans and free trial at https://appsecengineer.com/pricing/
Watch the full interview here: https://www.youtube.com/watch?v=vLAji4ujZEM&ab_channel=AppSecEngineer ... https://www.youtube.com/watch?v=v9M8X66-l3Y