Developers Need Smarter SCA Tools to Fight Software Supply Chain Attacks - podcast episode cover

Developers Need Smarter SCA Tools to Fight Software Supply Chain Attacks

Cybersecurity Tech Brief By HackerNoon
May 26, 20234 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

This story was originally published on HackerNoon at: https://hackernoon.com/developers-need-smarter-sca-tools-to-fight-software-supply-chain-attacks.
Software composition analysis (SCA) tools render too many false positives, and aren't smart enough to find modified dependencies. New methods show promise...
Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #cybersecurity, #appsec, #sast, #third-party-code, #oss, #software-supply-chain-attacks, #sbom, #security, and more.

This story was written by: @andrejc. Learn more about this writer by checking @andrejc's about page, and for more stories, please visit hackernoon.com.

Software composition analysis (SCA) tools render too many false positives. SCA based on code matching will only find components integrated into a software stack without modification. Pattern recognition and intelligent analysis is needed for components that have been modified in irregular ways. The Apona platform claims to utilize intelligent pattern recognition and deep scanning across file, component, and function levels, detecting OSS with near 100% accuracy.

For the best experience, listen in Metacast app for iOS or Android