RSAC Fireside Chat: Turning full attention to locking down the security of ‘open source’

By Byron V. Acohido

Software composition analysis — SCA – is a layer of the security stack that, more so than ever, plays a prominent role in protecting modern business networks.

Related: All you should know about open-source exposures

This is especially true as software developers increasingly rely on generic open source and commercial components to innovate in hyperkinetic DevOps and CI/CD mode. Open source coding has come to dominate business software applications; rising to comprise 75 percent of audited code bases and putting open source on a trajectory to become a $50 billion subsector of technology by 2026.

As RSA Conference 2023 gets underway today at San Francisco’s Moscone Center, advanced ways to secure open source components is getting a good deal of attention.

Guest expert: Rami Sass, CEO, Mend

The infamous SolarWinds breach put a spotlight on the risk of malicious open-source components, and the White House has put its weight behind software supply chain best practices.

I had the chance to visit with Rami Sass, CEO of Mend, a Tel Aviv-based supplier of automated remediation technologies designed to help keep open source components as secure as possible. For a full drill down on our conversation please give the accompanying podcast a listen.

Sass filled me in about a trend that started about two and a half years ago; he noted that bad actors have turned their full attention to seeking out and exploiting fresh vulnerabilities in fully updated open-source components in live service.

Mend and other SCA solution vendors are stepping up their game to counter this trend. I’ll keep watch and keep reporting.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone