Are OSS attacks avoidable?

Protecting the software supply chain is notoriously tricky, but why specifically? According to Sonatype’s Annual State of the Software Supply Chain Report, 96% of attacks hinged on an open-source software (OSS) vulnerability that already had an available patch, while just 4% of attacks were deemed “unavoidable.” Considering the many consequences of OSS compromise — e.g. credential harvesting and financial data loss — why are so many of these “avoidable” attacks still getting through?

