Note from Tom 4/27/2023: I haven't received any updates on these numbers since I wrote the post below, but it's safe to say that the number is well over 300 million now.
Last April, I put up a post
about the fact that Steve Springett’s Dependency-Track
was being used 200 million times a month to look up components listed on an
SBOM in the OSS Index open source
vulnerability database; last fall, I updated that number to 270 million. So I
was quite pleased today to hear from Steve that the number is now a nice round
300 million per month. In other words, use of Dependency-Track is growing more
than 50% a year.
Of course, the point of my post
wasn’t so much to laud Dependency-Track (although I do want to point out that
D-T just celebrated its tenth birthday. This is quite interesting, because just
about nobody was talking about SBOMs ten years ago). Rather, it was to show that
SBOMs, even though they’re currently being used almost exclusively by software
developers for product vulnerability management purposes (and there are many
other tools like Dependency-Track, that are also being heavily used), clearly
are needed just as much by their customers.
But the customers aren’t asking
for them. Why aren’t they?
Good question…
Any opinions expressed in this
blog post are strictly mine and are not necessarily shared by any of the
clients of Tom Alrich LLC. If you would
like to comment on what you have read here, I would love to hear from you.
Please email me at tom@tomalrich.com.
No comments:
Post a Comment