Precise Intelligence is Critical when Using Open Source Components
The application security team within a large health information technology organization was looking for a tool to help them automatically manage security risk associated with open source components and third-party libraries.
To evaluate potential open source governance partners, the company invited Sonatype and an application security vendor, WhiteSource, to scan one of their production applications. They then compared the scan results side by side to determine which vendor provided the most accurate results. This whitepaper details what the company found.