Increasing reliance on open source software and the prevalence of vulnerabilities in OSS code have led to a call for regulations. Here are ways to improve OSS risk detection.
A report revealed that 95% of vulnerabilities identified in applications are embedded in transitive dependencies: open source code packages pulled into projects indirectly, without the developers' knowledge or approval.