Many attackers exploit known vulnerabilities in old or out-of-date software. To thwart these common attacks, ensure that all your systems have up-to-date patches. Regular patching is one of the most effective software security practices.
Of course, you can’t keep your software up to date if you don’t know what you’re using. Today, an average of 70%—and often more than 90%—of the software components in applications are open source. You need to maintain an inventory, or a software bill of materials (BOM), of those components. A BOM helps you make sure you are meeting the licensing obligations of those components and staying on top of patches.
It’s challenging to create a software BOM manually, but a software composition analysis (SCA) tool will automate the task and highlight both security and licensing risks.
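As an added illustration of what a software BOM makes possible (this is example code written for this page, not a tool or script from the original text), the script below reads a small constructed SBOM in the CycloneDX JSON layout, builds the component inventory, and checks each component against a constructed advisory list (placeholder advisory IDs, not real ones) and a license allowlist. The component names, versions and advisories are all made up; a real workflow would feed a generated SBOM and a live vulnerability feed into the same two checks.

```python
import json
from typing import Dict, List, Tuple

# Constructed SBOM in the CycloneDX JSON shape (bomFormat, components[] with
# name/version/purl/licenses). The components and versions are made up.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "example-http-client", "version": "2.2.0",
     "purl": "pkg:maven/org.example/example-http-client@2.2.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "example-xml-parser", "version": "1.8.2",
     "purl": "pkg:maven/org.example/example-xml-parser@1.8.2",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "example-logging", "version": "3.0.0",
     "purl": "pkg:maven/org.example/example-logging@3.0.0",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"type": "library", "name": "example-crypto-utils", "version": "0.9.1",
     "purl": "pkg:maven/org.example/example-crypto-utils@0.9.1"}
  ]
}
"""

# Constructed advisory feed: component name -> (first fixed version, advisory id).
# The advisory identifiers are placeholders, not real CVE or vendor IDs.
ADVISORIES: Dict[str, Tuple[str, str]] = {
    "example-http-client": ("2.3.1", "ADV-EXAMPLE-0001"),
    "example-xml-parser": ("1.8.0", "ADV-EXAMPLE-0002"),
}

# Licenses this (hypothetical) organisation has approved for use.
LICENSE_ALLOWLIST = {"Apache-2.0", "MIT", "BSD-3-Clause"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a comparable tuple of integers.

    Non-numeric parts (e.g. "rc1") are treated as 0; good enough for the
    plain numeric versions in this example, not a full semver comparator.
    """
    return tuple(int(part) if part.isdigit() else 0 for part in version.split("."))


def load_components(sbom_text: str) -> List[dict]:
    """Parse a CycloneDX JSON document and return its component inventory."""
    data = json.loads(sbom_text)
    if data.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return data.get("components", [])


def component_licenses(component: dict) -> List[str]:
    """Collect declared license identifiers (SPDX id or free-text name)."""
    ids = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        lid = lic.get("id") or lic.get("name")
        if lid:
            ids.append(lid)
    return ids


def audit(components: List[dict]) -> Dict[str, List[str]]:
    """Flag components behind a known fixed version or outside the license allowlist."""
    findings: Dict[str, List[str]] = {"patch": [], "license": []}
    for comp in components:
        name, version = comp["name"], comp["version"]
        # Patch check: anything older than the first fixed version is exposed.
        if name in ADVISORIES:
            fixed, advisory = ADVISORIES[name]
            if parse_version(version) < parse_version(fixed):
                findings["patch"].append(f"{name} {version} < {fixed} ({advisory})")
        # License check: missing or non-approved licenses both need review.
        licenses = component_licenses(comp)
        if not licenses:
            findings["license"].append(f"{name}: no license declared")
        for lic in licenses:
            if lic not in LICENSE_ALLOWLIST:
                findings["license"].append(f"{name}: {lic} not in allowlist")
    return findings


if __name__ == "__main__":
    inventory = load_components(SBOM_JSON)
    for comp in inventory:
        print(f"{comp['name']} {comp['version']}  {comp.get('purl', '')}")
    for category, items in audit(inventory).items():
        for item in items:
            print(f"[{category}] {item}")
```

Running the script prints the four-component inventory followed by one patch finding (the HTTP client is behind its fixed version) and two license findings (one copyleft license outside the allowlist, one component with no license declared). The XML parser is already at or past its fixed version, so it produces no finding; that "is the installed version older than the first fixed one" comparison is exactly the question a BOM lets you answer on the day an advisory lands.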