SBOMs and firewalls are part of Sonatype’s focus on software supply chain security

A critical flaw in Log4j, the open-source logging library used in Java applications, has created a major vulnerability for systems worldwide. Although a patch has been released and is available to download, 29% of worldwide users are still running the vulnerable version. This points to weak secure-development practices across the industry: software supply chains and dependencies are widely misunderstood, as are the risks that containers introduce in enterprise IT.