We reported last week on a new tool to help spot vulnerabilities present in active open source systems. To prevent problems from being introduced into new systems, open source governance specialist Sonatype is launching a tool to enable developers to identify and avoid using open source components that have known vulnerabilities. According to Sonatype's 2018 DevSecOps Community Survey released earlier this year, one in three organizations has suffered suspected or verified breaches due to OSS vulnerabilities. Breaches due to open source vulnerabilities are up by over 50 percent since 2017. "The need for more secure coding practices has never been greater,"…