When we talk about security related to the software supply chain and third-party software management, it’s key that the tools you use provide detailed reports on the known and unknown vulnerabilities inside applications along with the level of exploitability of those vulnerable components. Absent that, all you have is a listing of SBOM parts without much to act on. Typically,

Revenera just released “The 2022 State of the Software Supply Chain Report”, which collects over 100 Revenera audit services projects and covers several topics around OSS such as Software Composition Analysis, License Compliance, Security Vulnerabilities, Open Source Licenses, the SBOM, the Supply Chain etc. The report is a response to the increase in OSS dependencies as well as the increase