Your scanner did not fail you. It worked perfectly. It documented every vulnerable open source dependency that entered your environment and was not remediated within a defensible window. That is not a security program. That is a liability record. Mythos just proved the bottleneck was never discovery. It is the humans on the other end of the queue. The fix lives at intake, not at the scanner. #opensourcesoftwaresecurity #softwaresupplychain #DevSecOps #AppSec Read more at buff.ly/0zm30uq

Results of #sigstore and #slf4j Security Audits including 1 High Risk Vulnerability Found & Fixed hubs.la/Q01h3JPN0 #securityaudit #OSS #OpenSourceSoftwareSecurity