Chart of the Week

FEB 2024: VOLUME 3

Poisoned Software Supply Chains

The shadowy world of Known Unknowns

You hire contractors to do a job. Your contractors hire sub-contractors. The sub-contractors hire more sub-contractors, creating a chain that may be 30 levels deep. Soon, you no longer know the origin of some of the people working on your job. How risky is that?

3% of software components in OSS are of unknown origin. Your open-source dependencies drag them into your application. Not only their origin but also their source code is unknown. Your developers, and the open-source developers who included them, don't know what they do either!

Does your software application contain these Known Unknowns? Your SCA tools and AppSec tools cannot detect them. Lineaje does!