IDC Offers Commentary on Checkmarx Open Source Supply Chain Security Solution

As organizations continue to expand their use of Open Source Software (OSS) in developing applications, they must also identify solutions that reduce risk in the context of OSS supply chain attacks. This challenge is increasingly common, as a recent IDC Link: Checkmarx Extends Its Software Composition Analysis Solution With Software Supply Chain Security notes, “An IDC survey found the adoption of open source has gone mainstream, with 89% of software development and delivery organizations surveyed currently using or planning to use OSS”. Application development teams (aka, DevOps) leverage OSS to handle the foundation and basic ‘plumbing’ of applications so teams can concentrate on writing proprietary code and business logic to further the objectives of their organization. Software Composition Analysis (SCA) tools help organizations understand which OSS packages are being used in their applications, and which are known vulnerable—usually by way of a CVE. Supply Chain Security (SCS) both compliments SCA and furthers it by hunting for malicious software packages that attackers insert into the OSS supply chain. Checkmarx SCA now includes robust Supply Chain Security functionality to protect your organization.