Precise Intelligence is Critical when Using Open Source Components

The application security team within a top-tier financial services corporation was looking for a tool to help them automatically manage the security risk associated with open source components and third-party libraries.

To evaluate potential open source governance partners, the company invited Sonatype and an application security vendor, JFrog, to scan a core set of applications. They then compared the results of the two scans side by side to determine which vendor provided the most accurate results. This whitepaper details what the company found.