Open-source software (OSS), with and without AI/ML components (e.g., code, libraries, pre-trained models), forms the backbone of the ever-growing and increasingly complex software supply chain. For example, the widely popular Hugging Face model hub hosts more than 60K pre-trained models (PTMs) for public use in developing new AI software for various end-user and business applications. Enterprises around the globe run their business tasks and processes on software that integrates (AI/ML) components from multiple vendors. Statistics estimate that approximately 90 percent of commercial software products are either OSS components or proprietary packages built with third-party software components. In other words, complex and evolving dependencies intrinsically characterise the modern software product.
Software Supply Chain Vulnerabilities and the Need for SBOMs
Vulnerabilities in these software dependencies then define the degree of reliability and security of the end product (alternatively, the software supply chain), with the number of vulnerabilities growing exponentially with the size and complexity of such supply chains. Such vulnerabilities in…
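The point above, that a vulnerability in any dependency becomes the product's vulnerability, is what an SBOM lets you check mechanically. The script below is an added illustration (not code from the original article): it reads a minimal, constructed SBOM in the shape of CycloneDX JSON (a root product, components identified by package URLs, and a `dependencies` edge list), walks the dependency graph from the root, and reports which components matching a constructed advisory list are actually reachable from the product, together with the dependency path that pulls them in. All package names, versions and the `VULN-PLACEHOLDER-*` identifiers are made up for the example.

```python
"""Walk a CycloneDX-style SBOM to find which known-vulnerable components
reach the root product through its (transitive) dependency graph."""
from collections import deque

# Constructed, minimal SBOM shaped like CycloneDX JSON: a root product in
# metadata, its components (package URLs as bom-refs), and a "dependencies"
# edge list. Names, versions and advisory IDs are all made up for the demo.
SBOM = {
    "metadata": {"component": {"bom-ref": "pkg:pypi/acme-app@1.0.0"}},
    "components": [
        {"bom-ref": "pkg:pypi/acme-app@1.0.0", "name": "acme-app", "version": "1.0.0"},
        {"bom-ref": "pkg:pypi/webframe@2.3.1", "name": "webframe", "version": "2.3.1"},
        {"bom-ref": "pkg:pypi/jsonx@0.9.0", "name": "jsonx", "version": "0.9.0"},
        {"bom-ref": "pkg:pypi/ml-runtime@4.1.0", "name": "ml-runtime", "version": "4.1.0"},
        {"bom-ref": "pkg:pypi/tensor-ops@1.7.2", "name": "tensor-ops", "version": "1.7.2"},
        {"bom-ref": "pkg:pypi/unused-tool@3.0.0", "name": "unused-tool", "version": "3.0.0"},
    ],
    "dependencies": [
        {"ref": "pkg:pypi/acme-app@1.0.0",
         "dependsOn": ["pkg:pypi/webframe@2.3.1", "pkg:pypi/ml-runtime@4.1.0"]},
        {"ref": "pkg:pypi/webframe@2.3.1", "dependsOn": ["pkg:pypi/jsonx@0.9.0"]},
        {"ref": "pkg:pypi/ml-runtime@4.1.0",
         "dependsOn": ["pkg:pypi/tensor-ops@1.7.2", "pkg:pypi/jsonx@0.9.0"]},
        {"ref": "pkg:pypi/jsonx@0.9.0", "dependsOn": []},
        {"ref": "pkg:pypi/tensor-ops@1.7.2", "dependsOn": []},
        # Listed in the SBOM but never depended on by the product itself.
        {"ref": "pkg:pypi/unused-tool@3.0.0", "dependsOn": ["pkg:pypi/jsonx@0.9.0"]},
    ],
}

# Constructed advisory feed: (name, affected version) -> placeholder advisory ID.
KNOWN_VULNERABLE = {
    ("jsonx", "0.9.0"): "VULN-PLACEHOLDER-0001",
    ("tensor-ops", "1.7.2"): "VULN-PLACEHOLDER-0002",
    ("unused-tool", "3.0.0"): "VULN-PLACEHOLDER-0003",
}


def dependency_graph(sbom):
    """Map each bom-ref to the list of refs it depends on."""
    return {d["ref"]: list(d.get("dependsOn", [])) for d in sbom.get("dependencies", [])}


def reachable_paths(graph, root):
    """Breadth-first walk from the root; returns {ref: shortest path from root}.
    Cycles are harmless because a ref is recorded only the first time it is seen."""
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for child in graph.get(node, []):
            if child not in paths:
                paths[child] = paths[node] + [child]
                queue.append(child)
    return paths


def exposed_vulnerabilities(sbom, advisories):
    """Return (exposed, unreachable): exposed is [(vuln_id, ref, path)] for every
    vulnerable component the product transitively pulls in; unreachable is
    [(vuln_id, ref)] for vulnerable components present in the SBOM but not
    reachable from the root (e.g. build-only tooling)."""
    root = sbom["metadata"]["component"]["bom-ref"]
    by_ref = {c["bom-ref"]: c for c in sbom["components"]}
    paths = reachable_paths(dependency_graph(sbom), root)
    exposed, unreachable = [], []
    for ref, comp in by_ref.items():
        vuln_id = advisories.get((comp["name"], comp["version"]))
        if vuln_id is None:
            continue
        if ref in paths:
            exposed.append((vuln_id, ref, paths[ref]))
        else:
            unreachable.append((vuln_id, ref))
    return sorted(exposed), sorted(unreachable)


if __name__ == "__main__":
    exposed, unreachable = exposed_vulnerabilities(SBOM, KNOWN_VULNERABLE)
    for vuln_id, ref, path in exposed:
        print(f"{vuln_id}: {ref} via {' -> '.join(path)}")
    for vuln_id, ref in unreachable:
        print(f"{vuln_id}: {ref} listed in SBOM but not reachable from the product")
```

The dependency path is the useful output for remediation: it tells you which direct dependency (here `webframe` or `ml-runtime`) has to be upgraded or replaced to drop the vulnerable transitive component, which is exactly the information a flat list of package names cannot give you.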