Osterman Research Report
The recent cybersecurity presidential executive order put a spotlight on software supply chain security. The findings in this research report reveal a serious weakness in the software supply chain of many widely used commercial off-the-shelf software applications. The analysis found that every application in five common software categories (web browsers, email, file sharing, online meetings and messaging) contained vulnerable open-source components that put enterprise organizations at risk of cyberattacks.
Exhibit: Vulnerability Severity per Category (component with the highest CVSS score in a product)
GrammaTech used its CodeSentry software supply chain security platform to analyze widely used software applications for the presence of open-source components and vulnerabilities. Osterman Research studied the output of the analysis to generate this report.