Enterprise use of open-source software (OSS) has seen continued growth in recent years, powering rapid innovation and solution development. Unfortunately, as OSS use has increased, so too have software supply chain attacks. In the battle against software supply chain risk, common vulnerabilities and exposures (CVEs) serve as critical tools. In this session, we’ll dive into CVEs and how to handle them. Questions we’ll cover include:
- Where does CVE data come from?
- What goes into a CVE score?
- What are the benefits and limitations of public CVE data?
- How can enterprises use CVEs to secure their OSS pipelines?