On Demand Discussion with Osterman Research: Exposing Software Supply Chain Security Blind Spots


The findings in a recent Osterman Research report reveal a serious weakness in the software supply chain of many widely used COTS software applications. This discussion shares the results of the research report and discusses how organizations can take a more proactive approach to ensuring a stronger enterprise-wide cybersecurity posture.

In this discussion, you will learn:
• Why vulnerabilities in COTS software applications are a cybersecurity threat
• 100% of all analyzed applications with open-source components in five common software categories (web browsers, email, file sharing, online meetings and messaging) contained vulnerable open-source components
• Applications in the meeting and email client categories were the most vulnerable
• Critical vulnerabilities (CVSS 10.0) were found in 85% of these applications
• New ways of analyzing COTS software applications to better reduce your attack surface and potential for compromise



Want to Generate an SBOM Today?

With CodeSentry from GrammaTech, there is no need to wait for your software vendor to provide you with an SBOM. By analyzing binaries of commercial off-the-shelf (COTS) software, CodeSentry automates the SBOM process—producing a report identifying the open source components and detecting vulnerabilities in the software. Try CodeSentry today.


