Interview with Deb Radcliff, Shift Left Academy, GrammaTech

Date: August 24, 2021

On August 4, Osterman Research released a software supply chain study based on data collected by GrammaTech’s CodeSentry Software Supply Chain testing product. The study found that 100 percent of commercial applications that use open-source components contain vulnerabilities within those components, and that 85 percent of the browser, email, file sharing, online meeting and messaging products tested had at least one critical vulnerability with a CVSS (Common Vulnerability Scoring System) score of 10.0, the highest possible.

In this video interview, Michael Sampson, Senior Analyst at Osterman Research and author of the report, discusses his findings and offers advice on how to avoid some of the pitfalls of open source.