State of Software Security: Has It Moved Past Unacceptable?
Brian Fox Discusses Legislative Efforts and Challenges in Software Security

The state of software security is constantly evolving, and although awareness and conversation around it have increased, the industry is no closer to solving the problem, said Brian Fox, co-founder and chief technology officer of Sonatype.
Fox highlighted the crucial issues the industry continues to face. While legislation requiring a software bill of materials (SBOM) is forcing the industry to address these issues, there is still much work to be done. Despite increased awareness, he said, 33% of Log4j downloads are still of vulnerable versions.
"We are in a world where we can't trust any of our software anymore until we get better at understanding who the people behind it are, what their motivations are, and providing that level of transparency," Fox said.
In this video interview with Information Security Media Group at RSA Conference 2024, Fox also discussed:
- How companies are managing open-source software components after Log4j;
- How organizations should approach software composition analysis;
- How Sonatype is evolving to help customers meet their software security needs.
Fox has open-source experience as a member of the Apache Software Foundation and former chair of the Apache Maven project. He has over 20 years of experience leading the development of software for organizations, ranging from startups to large enterprises.