New Paper in IEEE: Continuous Verification of Open Source Components in a World of Weak Links
I published a research paper titled "Continuous Verification of Open Source Components in a World of Weak Links", available through IEEE.
The paper addresses security risks in open source software, noting that 99% of today's software utilizes open source. Next-generation supply chain attacks have increased 430% in the last year.
The work presents six continuous verification controls that enable organizations to make data-driven decisions and mitigate breaches. In case studies, the controls immediately identified high levels of risk, even though the package is widely used and has over 7 million downloads a week.