Now Tech: Software Composition Analysis, Q1 2019

Forrester's Overview Of 17 Software Composition Analysis Providers
by Amy DeMartine
January 24, 2019

Key Takeaways

Improve Open Source Security With Software Composition Analysis
Developers use open source components to achieve speed; however, vulnerabilities in these components represent a top target for successful external attacks. Embedding software composition analysis tools in the software delivery life cycle and using the results as a quality gate prevents the use of vulnerable open source while providing developers the speed they demand.

Select Vendors Based On Size And Functionality
SCA specialists have the most robust functionality in this segment, but they only provide SCA capabilities. Container security and repository-adjacent vendors offer broader functionality beyond SCA but have less robust SCA capabilities.

Encourage Your Developers To Aggressively Use Open Source
In the past, security pros approached the use of open source with reluctance or even disapproval, considering it too risky. By helping implement SCA tools into their firm's development practices, security pros can confidently encourage developers to use open source.

Why Read This Report

You can use software composition analysis (SCA) to eliminate vulnerable components, reduce license risk, and apply consistent policies during the software development life cycle (SDLC). But to access these benefits, you'll first have to select from a diverse set of vendors, which vary by size, functionality, geography, and vertical market focus. Security professionals should use Forrester's Now Tech report to understand the value they can expect from an SCA provider and select vendors based on size and functionality.

This PDF is only licensed for individual use when downloaded from forrester.com or reprints.forrester.com. All other distribution prohibited.
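The report's central recommendation is to run SCA in the delivery pipeline and treat its output as a quality gate: vulnerable components and disallowed licenses fail the build, and the same policy applies to every project. The following is an added illustration of that gate, not code from Forrester or from any SCA vendor. The report schema (components with version, license and a list of vulnerabilities), the policy fields, and the vulnerability identifier EXAMPLE-2019-0001 are all constructed for this example; a real pipeline would load the report format emitted by whichever SCA tool was selected.

```python
"""Added example: a minimal SCA quality gate for a CI pipeline.

Assumptions (not from the report): the SCA tool has already produced a JSON
document listing each open source component, its license, and any known
vulnerabilities with a severity and, where available, a fixed version.
"""
import json
from dataclasses import dataclass

# Ordering used to compare a finding against the policy threshold.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Policy:
    """One policy applied consistently to every build."""
    max_severity: str = "medium"          # highest severity allowed through
    denied_licenses: frozenset = frozenset({"AGPL-3.0"})
    waived_ids: frozenset = frozenset()   # documented, time-boxed exceptions


def evaluate(report: dict, policy: Policy) -> list[str]:
    """Return a list of human-readable violations; an empty list passes."""
    threshold = SEVERITY_RANK[policy.max_severity.lower()]
    violations = []
    for comp in report["components"]:
        name = f'{comp["name"]}@{comp["version"]}'
        for vuln in comp.get("vulnerabilities", []):
            if vuln["id"] in policy.waived_ids:
                continue  # exception recorded in the policy, not ad hoc
            sev = vuln["severity"].lower()
            if SEVERITY_RANK.get(sev, 0) > threshold:
                fixed = vuln.get("fixed_in")
                hint = f" (fixed in {fixed})" if fixed else ""
                violations.append(f"{name}: {vuln['id']} severity {sev}{hint}")
        lic = comp.get("license")
        if lic in policy.denied_licenses:
            violations.append(f"{name}: license {lic} is not permitted")
    return violations


def gate(report_json: str, policy: Policy = Policy()) -> int:
    """CI entry point: print each violation and return a process exit code."""
    violations = evaluate(json.loads(report_json), policy)
    for v in violations:
        print("BLOCK", v)
    return 1 if violations else 0


# Constructed sample report; the vulnerability id is a placeholder, not a CVE.
SAMPLE_REPORT = {
    "components": [
        {"name": "tiny-pad", "version": "1.3.0", "license": "MIT",
         "vulnerabilities": []},
        {"name": "example-parser", "version": "2.0.1", "license": "Apache-2.0",
         "vulnerabilities": [
             {"id": "EXAMPLE-2019-0001", "severity": "high", "fixed_in": "2.0.2"}]},
        {"name": "example-toolkit", "version": "0.9.0", "license": "AGPL-3.0",
         "vulnerabilities": [
             {"id": "EXAMPLE-2019-0002", "severity": "low"}]},
    ]
}

if __name__ == "__main__":
    raise SystemExit(gate(json.dumps(SAMPLE_REPORT)))
```

Run as a pipeline step, a non-zero exit code blocks the merge or deployment. Exceptions live in the policy object rather than in individual build scripts, which is what keeps the policy consistent across projects as the report recommends.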

