Socket, a company focused on supply chain security, has acquired Coana, a startup that helps users identify which vulnerabilities can be ignored. CEO Feross Aboukhadijeh noted that developers are overwhelmed by alerts from security tools, making it difficult to manage vulnerabilities effectively. He pointed out that the more comprehensive a tool is at identifying vulnerabilities, the more alerts it tends to generate. This situation is exacerbated by modern software's reliance on numerous dependencies, which can lead to complicated networks of libraries and an unmanageable volume of alerts.
The problem with all security tools - and this is not something we came up with - is there are too many alerts. There's too much noise.
If you're finding things that other tools aren't finding, you're going to end up with actually more alerts.
Socket customers - software developers who use the company's dependency scanning tools to catch vulnerabilities in app libraries - have raised the issue. They don't want a thorough dependency scan to increase their workload unnecessarily.
Modern software applications tend to have a lot of dependencies. Each of these direct dependencies may have indirect or transitive dependencies.