{"id":36177,"date":"2020-07-20T20:00:35","date_gmt":"2020-07-20T20:00:35","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=91568"},"modified":"2020-07-20T20:00:35","modified_gmt":"2020-07-20T20:00:35","slug":"hello-open-source-security-managing-risk-with-software-composition-analysis","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/hello-open-source-security-managing-risk-with-software-composition-analysis\/","title":{"rendered":"Hello open source security! Managing risk with software composition analysis"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/07\/CLO20b_Aline_office_001-7-20-BANNER-PNG.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>When first learning to code, many people start with a rudimentary \u201cHello World\u201d program. Building the program teaches developers the basics of a language as they write the code required to display \u201cHello World\u201d on a screen. As developers get more skilled, the complexity of the programs they build increases.<\/p>\n<p>But building a complex app entirely from scratch these days is not the norm, because there are so many services and functions available via libraries, plug-ins, and APIs that developers can consume as part of their solution. If you were building a website to show off your amazing nail art or community farm, you wouldn\u2019t build your own mapping tool for directions; you\u2019d plug in a map service like <a href=\"https:\/\/www.bing.com\/maps\" target=\"_blank\" rel=\"noopener noreferrer\">Bing Maps<\/a>. And if another developer has already built out a robust, well-vetted open-source cryptographic library, you\u2019re better off using that rather than trying to roll your own.<\/p>\n<p>Today\u2019s apps are rich composites of components and services\u2014many of which are open source. Just how many? 
Well, the Synopsys <a href=\"https:\/\/www.synopsys.com\/content\/dam\/synopsys\/sig-assets\/reports\/2020-ossra-report.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">2020 Open Source Security and Risk Analysis Report<\/a> found that \u201copen source components and libraries are the foundation of literally every application in every industry.\u201d But just like any other software, open-source components must be assessed and managed to ensure that the final product is secure. So how can you take advantage of the benefits of open source without increasing risk? Software Composition Analysis (SCA)!<\/p>\n<h3>SCA Explained<\/h3>\n<p>SCA is a lifecycle management approach to tracking and governing the open source components in use in an organization. SCA provides insight into which components are being used (including the transitive dependencies that your direct dependencies pull in), where they are being used, and whether there are any security concerns or updates required. This approach provides the following benefits:<\/p>\n<ul>\n<li><strong>Quickly respond to vulnerabilities:<\/strong> Understanding which components you are using will allow you to take action when you learn of a security vulnerability. This is critical when components are re-used in a number of places. For example, the infamous \u201cHeartbleed\u201d vulnerability (CVE-2014-0160) in the popular OpenSSL library affected <a href=\"https:\/\/www.pewresearch.org\/internet\/2014\/04\/30\/heartbleeds-impact\/#main-findings\" target=\"_blank\" rel=\"noopener noreferrer\">hundreds of thousands of web servers<\/a>. When the missing bounds check in OpenSSL\u2019s TLS heartbeat extension was announced, attackers immediately began trying to exploit it. Organizations with an SCA program already knew which systems embedded the affected versions (OpenSSL 1.0.1 through 1.0.1f) and were better able to rapidly and completely replace or patch them, reducing their risk. Because the bug could leak private keys and session data from server memory, a complete response also meant rotating keys and credentials after patching.<\/li>\n<li><strong>Provide guidance to your developers:<\/strong> Developers usually work under a deadline and need ways to build great apps quickly. If they don\u2019t have a process for finding the right open source component, they may select one that\u2019s risky. 
An approved repository of open source components and a process for getting new components into the repository can go a long way to support the development teams\u2019 need for speed, in a secure way.<\/li>\n<\/ul>\n<h3>Define your strategy<\/h3>\n<p>A strong SCA program starts with a vision. If you document your strategy, developers and managers alike will understand your organization\u2019s approach to open source. This will guide decision-making during open-source selection and contribution. Consider the following:<\/p>\n<ul>\n<li><strong>Licensing: <\/strong>Not all open source projects document their licensing, but if there isn\u2019t a license, the code is technically not open source: it remains under the author\u2019s copyright, with all rights reserved. Some licenses are very permissive and will let you do whatever you want with the code as long as you acknowledge the author. Other licenses, often referred to as copyleft licenses, require that any derivative code be released under the same open source license. You also need to be aware of licenses with explicit patent terms, such as patent grants that terminate if you bring patent litigation. Your strategy should outline the licensing that is appropriate for your business.<\/li>\n<li><strong>Supportability: <\/strong>What is your philosophy on support? If you have the right skills, you can choose to support the software yourself. Some open-source companies offer support subscriptions that you can purchase. You can also hire third-party organizations to provide support. Make sure your team understands your support policy.<\/li>\n<li><strong>Security:<\/strong> There are several approaches that you can use to vet third-party code. Developers can check public resources such as the National Vulnerability Database and the project\u2019s own security advisories for known vulnerabilities. You can also require that they perform static analysis to uncover unreported security issues. 
If you want to be more comprehensive, add dynamic analysis, code review, and security configuration review.<\/li>\n<\/ul>\n<h3>Establish governance<\/h3>\n<p>Your strategy will help you align on objectives and guidelines, but to put it into action, you\u2019ll need to define processes and responsibilities.<\/p>\n<ul>\n<li><strong>Approved open source projects<\/strong>: Are there open source projects that are well-aligned with your organization that you\u2019d like developers to consider first? How about open source software that is banned?<\/li>\n<li><strong>Approval process:<\/strong> Determine how you will engage legal experts to review licenses, how developers should request approvals, and who makes the final decision.<\/li>\n<li><strong>Security response: <\/strong>Document how you will respond and who is responsible if a security vulnerability is reported.<\/li>\n<li><strong>Support:<\/strong> Determine how you will engage support when non-security bugs are identified.<\/li>\n<\/ul>\n<h3>Create a toolkit<\/h3>\n<p>To manage your open source software, you need to track the components and open-source licenses that are currently in use. It\u2019s also important to scan software for vulnerabilities. Open source and commercial tools are available and can be integrated into your continuous integration\/continuous deployment process, so that a build fails (or at least raises a ticket) when a banned component, a disallowed license, or a known vulnerability shows up in the dependency graph.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/01\/16\/introducing-microsoft-application-inspector\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Application Inspector<\/a> is a static analysis tool that you can use to detect poor programming practices and other interesting characteristics in the code. It can help you identify unexpected features that require additional scrutiny.<\/p>\n<h3>Build engagement<\/h3>\n<p>Building consensus for the open-source security program is just as important as the program components. 
Make sure all your resources, approved open source licenses, and processes are easily accessible. When you roll out the program, clearly communicate why it\u2019s important. Train your developers in the process and the tools they will use, and provide regular updates as things change.<\/p>\n<p>Open source is a vibrant and valuable part of the development process. With the right program and tools in place, it can also be a well-governed and risk-managed process that helps developers deliver more secure software faster.<\/p>\n<p>Read <a href=\"https:\/\/www.microsoft.com\/en-us\/securityengineering\/opensource\/?activetab=security+analysis%3aprimaryr3\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft\u2019s guidance for managing third-party components<\/a>.<\/p>\n<p>Find <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/05\/21\/build-support-open-source-organization\/\" target=\"_blank\" rel=\"noopener noreferrer\">advice for selecting and gaining approval for open source in your organization<\/a>.<\/p>\n<p>Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity. 
Or reach out to me on&nbsp;<a href=\"https:\/\/www.linkedin.com\/in\/dianakelleysecuritycurve\/\" target=\"_blank\" rel=\"noopener noreferrer\">LinkedIn<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/twitter.com\/dianakelley14\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>.<\/p>\n<p> READ MORE <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/07\/20\/open-source-security-managing-risk-software-composition-analysis\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Software composition analysis guides the selection and management of open source components to help you reduce your security risk.<br \/>\nThe post Hello open source security! Managing risk with software composition analysis appeared first on Microsoft Security. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":36178,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[347,5345,6681],"class_list":["post-36177","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-cybersecurity","tag-incident-response","tag-security-strategies"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36177","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=36177"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36177\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/36178"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=36177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=36177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=36177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
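The post's "Establish governance" and "Create a toolkit" sections describe an SCA gate in prose: an inventory of components and their licenses, a deny list of banned projects, an approved-license list, and a vulnerability scan wired into CI so that a violating build fails. The script below is an added example of that gate, not code from the Microsoft post or from any Microsoft tool. It reads a minimal CycloneDX-style SBOM, applies an advisory list and an organizational policy, and returns pass/fail plus findings. The SBOM, the policy values and the second advisory (`HYPOTHETICAL-0001`) are constructed for this example; the first advisory is the real Heartbleed range (CVE-2014-0160, OpenSSL 1.0.1 through 1.0.1f, fixed in 1.0.1g). Version comparison is a deliberate simplification, not a full PEP 440 or semver parser.

```python
"""Minimal SCA policy gate: SBOM inventory -> banned-component, license and
vulnerability checks. Added example, not code from the Microsoft post; the
SBOM, the policy and the second advisory are constructed for illustration."""
import json
import re
from dataclasses import dataclass

# Constructed input: a minimal CycloneDX-style SBOM, not the output of a real build.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "openssl", "version": "1.0.1e",
     "licenses": [{"license": {"id": "OpenSSL"}}]},
    {"type": "library", "name": "requests", "version": "2.31.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "leftpad-clone", "version": "0.9.1",
     "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
    {"type": "library", "name": "mystery-utils", "version": "1.2.0"}
  ]
}
"""

# Advisory feed. The first entry is real: Heartbleed, CVE-2014-0160, affecting
# OpenSSL 1.0.1 through 1.0.1f and fixed in 1.0.1g. The second is hypothetical.
ADVISORIES = [
    {"name": "openssl", "id": "CVE-2014-0160", "introduced": "1.0.1", "fixed": "1.0.1g"},
    {"name": "requests", "id": "HYPOTHETICAL-0001", "introduced": "2.0.0", "fixed": "2.20.0"},
]

# Organizational policy (assumed values; every organization writes its own).
POLICY = {
    "allowed_licenses": {"MIT", "BSD-3-Clause", "Apache-2.0", "OpenSSL"},
    "banned_components": {"leftpad-clone"},
}


def version_key(version):
    """Turn '1.0.1g' into ((1,''),(0,''),(1,'g')) so tuples compare in release order.
    Deliberate simplification: dotted integers with an optional letter suffix,
    enough for OpenSSL 1.0.x-style and plain semver versions, not full PEP 440."""
    parts = []
    for piece in version.split("."):
        m = re.fullmatch(r"(\d+)([a-z]*)", piece)
        if not m:
            raise ValueError(f"unsupported version string: {version!r}")
        parts.append((int(m.group(1)), m.group(2)))
    return tuple(parts)


def is_vulnerable(version, introduced, fixed):
    """True when introduced <= version < fixed (the usual advisory range shape)."""
    return version_key(introduced) <= version_key(version) < version_key(fixed)


@dataclass
class Finding:
    component: str
    version: str
    kind: str    # "banned", "license" or "vulnerability"
    detail: str


def load_inventory(sbom_text):
    """Return [(name, version, license_id_or_None)] from CycloneDX JSON."""
    inventory = []
    for c in json.loads(sbom_text).get("components", []):
        lic = None
        for entry in c.get("licenses", []):
            # CycloneDX allows {"license": {"id"/"name": ...}} or {"expression": ...}
            lic = entry.get("license", {}).get("id") or entry.get("expression")
            if lic:
                break
        inventory.append((c["name"], c["version"], lic))
    return inventory


def evaluate(inventory, advisories, policy):
    """Apply the deny list, the license allow list and advisory ranges to every component."""
    findings = []
    for name, version, lic in inventory:
        if name in policy["banned_components"]:
            findings.append(Finding(name, version, "banned", "component is on the deny list"))
        if lic is None:
            # No license means no grant of rights: treat as all-rights-reserved.
            findings.append(Finding(name, version, "license", "no license declared"))
        elif lic not in policy["allowed_licenses"]:
            findings.append(Finding(name, version, "license", f"{lic} is not an approved license"))
        for adv in advisories:
            if adv["name"] == name and is_vulnerable(version, adv["introduced"], adv["fixed"]):
                findings.append(Finding(name, version, "vulnerability",
                                        f"{adv['id']}: upgrade to {adv['fixed']} or later"))
    return findings


def gate(sbom_text=SBOM_JSON, advisories=ADVISORIES, policy=POLICY):
    """CI entry point: returns (passed, findings); any finding fails the build."""
    findings = evaluate(load_inventory(sbom_text), advisories, policy)
    return len(findings) == 0, findings


if __name__ == "__main__":
    passed, results = gate()
    for f in results:
        print(f"[{f.kind}] {f.component}@{f.version}: {f.detail}")
    raise SystemExit(0 if passed else 1)
```

Run as a CI step, the non-zero exit code blocks the merge; on the constructed SBOM it reports four findings (the Heartbleed-era OpenSSL, the banned component twice for being both banned and AGPL-licensed, and the component with no license at all) while `requests` 2.31.0 passes because it is above the hypothetical advisory's fixed version. In a real pipeline the SBOM would come from the build (most package managers can emit CycloneDX or SPDX), the advisory list from a vulnerability feed, and the policy from the governance process the post describes.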