
Lineaje’s Open Source Manager (OSM) mitigates software supply chain risk


Lineaje’s Open Source Manager (OSM) is helping to address the complexities of securing the open-source software supply chain. In this episode, Nick Mistry, SVP and CISO at Lineaje, talks about the challenges of open-source vulnerability discovery and how Lineaje’s tools are helping companies identify and manage risk associated with open-source software. He says, “Our solution is designed to support all of those needs to be able to identify risks and remediate the risks over software, and more importantly, manage it.”

Software supply chain security, open source vulnerabilities, and risk management

  • Lineaje discovers the entire supply chain of a customer's software, including all of its open-source components, then fingerprints each component and identifies risk across multiple layers.
  • Mistry explains why it is challenging to find vulnerabilities in open-source software. He discusses how Lineaje’s approach identifies all risks, including both known and predictive vulnerabilities.
  • Scanning code and generating an SBOM (software bill of materials) are complementary. Mistry emphasizes why it is crucial to have a complete and accurate SBOM to identify and mitigate the risks.
  • Mistry highlights the need to identify risks beyond just vulnerabilities within the software supply chain and to use this information to remediate and reduce risk exposure.
  • Mistry explains the role Lineaje plays in the security space, emphasizing the company’s holistic approach and how its solution addresses the dynamic nature of software and threats.
  • Lineaje’s OSM allows developers to use necessary libraries and tools within fine-grained, risk-based policies. Mistry discusses how developers can apply nuanced policies to manage third-party and open-source components.
  • Mistry explains how Lineaje AI helps improve efficiency for companies using their tool.
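The two bullets above on a complete, accurate SBOM and on fine-grained, risk-based policies describe a workflow without showing one. The following is an added example written for this summary; it is not Lineaje's code and does not reflect OSM's policy format. It parses a constructed CycloneDX 1.5 document with fictional package names, matches components against a constructed advisory list (the identifiers are placeholders, not real CVEs), flags SBOM entries too incomplete to match, and applies a policy whose license rules depend on component type, so that an AGPL build tool is tolerated while an AGPL library shipped in the product is blocked. Unfixed vulnerabilities are reported as warnings rather than blocks, a policy choice assumed here.

```python
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed CycloneDX 1.5 SBOM with fictional packages (not a Lineaje
# artifact, not real software). The last entry is deliberately incomplete.
SBOM_JSON = """
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "examplehttp", "version": "1.2.0",
   "purl": "pkg:pypi/examplehttp@1.2.0", "licenses": [{"license": {"id": "MIT"}}]},
  {"type": "library", "name": "examplecrypto", "version": "0.9.1",
   "purl": "pkg:pypi/examplecrypto@0.9.1", "licenses": [{"license": {"id": "Apache-2.0"}}]},
  {"type": "library", "name": "examplegraph", "version": "3.0.0",
   "purl": "pkg:npm/examplegraph@3.0.0", "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
  {"type": "application", "name": "examplelint", "version": "7.1.0",
   "purl": "pkg:npm/examplelint@7.1.0", "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
  {"type": "library", "name": "unknownlib", "licenses": []}
]}
"""

# Constructed advisories keyed by version-less purl: (introduced, fixed_in, id).
# fixed_in=None models a vulnerability with no fix available yet.
ADVISORIES: Dict[str, List[Tuple[str, Optional[str], str]]] = {
    "pkg:pypi/examplehttp": [("1.0.0", "1.2.0", "ADV-EX-0001")],   # fixed in 1.2.0
    "pkg:pypi/examplecrypto": [("0.9.0", None, "ADV-EX-0002")],    # no fix yet
}

# Assumed policy shape (the page does not show OSM's). License rules are
# keyed by component type: a library linked into the product is held to a
# stricter standard than a build-time application.
POLICY = {
    "deny_licenses": {"library": {"AGPL-3.0-only", "GPL-3.0-only"}, "application": set()},
    "block_on_unfixed_vuln": False,    # warn, do not block, when no fix exists
    "require_purl_and_version": True,  # entries without these cannot be matched
}


@dataclass
class Finding:
    component: str
    kind: str     # "vuln", "license", or "incomplete"
    detail: str
    action: str   # "block" or "warn"


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric versions only; 1.10.0 sorts after 1.2.0."""
    return tuple(int(p) for p in v.split("."))


def split_purl(purl: str) -> Tuple[str, str]:
    """Return (type/name, version). Assumes no qualifiers or subpath."""
    base, _, ver = purl.partition("@")
    return base, ver


def evaluate(sbom: dict, policy: dict, advisories: dict) -> List[Finding]:
    findings: List[Finding] = []
    for c in sbom.get("components", []):
        name, ctype = c.get("name", "<unnamed>"), c.get("type", "library")
        purl, version = c.get("purl"), c.get("version")
        # An incomplete SBOM entry is itself a risk: nothing can be matched.
        if policy["require_purl_and_version"] and not (purl and version):
            findings.append(Finding(name, "incomplete",
                                    "missing purl or version; cannot match advisories", "block"))
            continue
        base, _ = split_purl(purl)
        v = parse_version(version)
        for introduced, fixed_in, adv_id in advisories.get(base, []):
            if v < parse_version(introduced):
                continue
            if fixed_in is not None and v >= parse_version(fixed_in):
                continue  # already on a fixed version
            if fixed_in is None:
                action = "block" if policy["block_on_unfixed_vuln"] else "warn"
                findings.append(Finding(name, "vuln", f"{adv_id}: affected, no fix available", action))
            else:
                findings.append(Finding(name, "vuln", f"{adv_id}: affected, fixed in {fixed_in}", "block"))
        denied = policy["deny_licenses"].get(ctype, set())
        for lic in c.get("licenses", []):
            lic_id = lic.get("license", {}).get("id")
            if lic_id in denied:
                findings.append(Finding(name, "license", f"{lic_id} not allowed for type {ctype}", "block"))
    return findings


def gate(findings: List[Finding]) -> bool:
    """True when the build may proceed: no blocking findings."""
    return not any(f.action == "block" for f in findings)


def run() -> List[Finding]:
    return evaluate(json.loads(SBOM_JSON), POLICY, ADVISORIES)


if __name__ == "__main__":
    results = run()
    for f in results:
        print(f"[{f.action.upper()}] {f.component}: {f.kind} - {f.detail}")
    print("gate:", "PASS" if gate(results) else "FAIL")
```

On the constructed input, examplehttp produces nothing because 1.2.0 is the fixed version, examplecrypto yields a warning for an advisory with no fix, examplegraph is blocked on license, examplelint passes because the same license is allowed for an application, and unknownlib is blocked for being unmatchable. Replacing the inline advisory table with a real feed and the naive version comparison with a proper PURL-type-aware comparator is the work a production tool does on top of this structure.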

AI-powered security tools for software development and vulnerability management

  • Mistry highlights how AI technologies are being leveraged in security to help instruct developers on remediation by quickly analyzing and understanding the code.
  • LLMs provide a natural-language interface that makes it easier to interact with tools and access information. However, Mistry acknowledges that the risks associated with AI itself also need to be identified and managed.
  • Mistry tells us that Lineaje is working on developing an “AI Bill of Materials” (AI BOM) to identify risks in AI software.
  • Lineaje will be announcing new products for identifying and remediating risks that lack available fixes. The launch is expected in a few weeks.

Securing software supply chain and open source adoption

  • Although significant progress is being made in security, integrating numerous point solutions is still challenging. Mistry explains how Lineaje is approaching this challenge.
  • Lineaje participates in working groups run by government agencies and their partners, including CISA, NIST, and MITRE. Mistry highlights initiatives, such as SBOM and AI risk frameworks, that are coming out of these groups.
  • Mistry explains how OSM enables organizations to define and manage risk while implementing guardrails at various stages of development to help companies navigate the complexities of consuming open source.
  • While Lineaje focuses on managing open-source risk, its tools can also cover proprietary software. Mistry emphasizes that Lineaje treats software as software, regardless of whether it is open source or proprietary.

Guest: Nick Mistry (LinkedIn)
Company: Lineaje (Twitter)
Show: Let’s Talk

This summary was written by Emily Nicholls.

Swapnil Bhartiya
Swapnil Bhartiya is a seasoned journalist and media personality. He is the founder, show-host and CEO of TFiR.io.