The top approach for evaluating the security of OSS packages is the use of software composition analysis (SCA) and static application security testing (SAST) tools.
39% of maintainers and core contributors still engage in manual code review.
Making security tools more intelligent emerges as the primary approach to improving security across the OSS supply chain; this includes leveraging advanced technologies such as machine learning to enhance threat detection and response mechanisms.
The second most favored approach to improving security is reducing developer fatigue through automation.