Considering the continuous increase in cybersecurity attacks targeting large organizations over the past few years and regulations like PCI DSS, HIPAA, NIST 800-731 – to name a few – it’s no surprise that enterprise investment in vulnerability management is on the rise. Detecting, prioritizing, and remediating security vulnerabilities in today’s rapidly evolving threat landscape is no small feat.

Software supply chain attacks are back in the news. Last week, security researcher Alex Birsan executed a novel attack against Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, and Uber by leveraging a design flaw in automated build and installation tools. Along with the recent SolarWinds breach, this most recent attack is renewing attention on software supply chain security.

Used by developers around the world, open source components comprise 60%-80% (and likely more) of the codebase in modern applications. Open source components speed the development of proprietary applications, save money, and help organizations stay on the cutting edge of technology development. Despite the widespread adoption of open source components, myths persist about its usage. The following are the top three concerns associated with open source use.

In order to develop stable and secure applications, you need to inspect and verify that your software performs as expected. The most common approaches to testing software are white box testing, black box testing, and gray box testing. While white box testing and black box testing have their pros and cons, gray box testing combines the two testing approaches in an attempt to overcome their deficits.