SBOMs and firewalls are part of Sonatype’s focus on software supply chain security

A flaw discovered in late 2021 in Log4j, a widely used open-source logging library, could be exploited by attackers to breach vulnerable systems. Despite the patches and fixes that followed, one-third of organizations continue to download vulnerable versions of the software. The issue reinforces concerns about how exposed the software supply chain is to attack. The tech sector is still working out best practices and the underlying fundamentals, according to Brian Fox, CTO of Sonatype Inc.