What is SCA security?

This article has been indexed from Security Boulevard

It’s similar to your home’s security.

SCA stands for Software Composition Analysis, although the expanded name may be no clearer than the acronym.

One hint is in the word composition which can be defined as “the nature of something’s ingredients or components; the way in which a whole or mixture is made up.”

Thus, SCA == an analysis of software and all its components.

Software components can be divided into two categories:

1. open-source code
2. proprietary source code

In today’s world, open source is ubiquitous. In fact, up to 90% of applications are open source. Proprietary code has fallen by the wayside because it cannot keep up with the speed that open source enables.

Proprietary source code takes longer, and investors don’t like to wait. In the world of quarterly business reviews, speed to market is the #1 priority.


This isn’t a fad either. According to a recent report, 2020 saw a 259% increase in open source components from 2016. In 2016, there was an average of 84 open source components per application and in 2020 this increased to 528.

What’s more, according to this same report, 91% of codebases contained open source components that hadn’t been touched in the last two years.

This leaves us vulnerable. As the economist Thomas Sowell says, “There are no solutions. There are only trade-offs.”

The trade-off is this: open source code meets the speed and innovation needs of technology investors, but that comes at a cost. As we add more open source components to our applications, we increase the need for upkeep and we also enlarge the surface area for security vulnerabilities.

Enter SCA security.

What is SCA security?

It’s the intersection between innovation and vulnerable code. As we grow our open source code to innovate faster, we have to grow our abili

[…]