On Demand Discussion with Osterman Research: Exposing Software Supply Chain Security Blind Spots

September 15, 2021 Alison Napolitano

The findings in a recent Osterman Research report reveal a serious weakness in the software supply chain of many widely used COTS software applications. This discussion shares the results of the research report and discusses how organizations can take a more proactive approach to ensuring a stronger enterprise-wide cybersecurity posture.

In this discussion, you will learn:
• Why vulnerabilities in COTS software applications are a cybersecurity threat
• 100% of all analyzed applications with open-source components in five common software categories (web browsers, email, file sharing, online meetings and messaging) contained vulnerable open-source components
• Applications in the meeting and email client categories were the most vulnerable
• Critical vulnerabilities (CVSS 10.0) were found in 85% of these applications
• New ways of analyzing COTS software applications to better reduce your attack surface and potential for compromise


Want to Generate an SBOM Today?

With CodeSentry from GrammaTech, there is no need to wait for your software vendor to provide you with an SBOM. By analyzing binaries of commercial off-the-shelf (COTS) software, CodeSentry automates the SBOM process—producing a report identifying the open source components and detecting vulnerabilities in the software. Try CodeSentry today.
