Categories
open source licensing open source security Software Bill of Materials

Measuring Up Software Composition Analysis Tools

The most critical challenge your organization faces when choosing a software composition analysis (SCA) vendor is understanding that some miss up to 60% of the open source, exposing your organization to security and licensing risks. We’re also seeing challenges surrounding the accuracy of the results. A vendor will find some open source but then mismatch […]

Categories
apache log4j open source security

Threatrix Apache Log4j Detection Demonstration

Keeping current with Log4j dependencies and new exploits is a complex and ongoing challenge. Organizations struggle to find the proverbial needle in hundreds of haystacks in a constantly changing environment. Then there is the issue of finding the right security tool to use across numerous applications and networks. Our Truematch technology gives us the unique […]

Categories
log4j open source security

Your Scanner Is Still Missing Log4j

As a result of Log4Shell’s popularity and easy exploitability, its potentially severe impact is tremendous. What has emerged is not just how mainstream it is, but how deeply woven it is into the software we use, and how difficult it is to detect. Log4Shell Detection Because it is common across open source and third-party applications, […]