Anchore to Contribute Grype Open Source Vulnerability Data to the Global Security Database

Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, announced that the Global Security Database Working Group will receive a contribution of open source vulnerability data from Anchore, a leader in software supply chain security. The contribution will include the enriched vulnerability details used by Anchore’s open source Grype vulnerability scanner.

The Global Security Database Working Group is a broad-based initiative to improve vulnerability discovery, reporting, publication, tracking, and classification in order to radically increase public visibility into critical vulnerabilities. As the requirements for vulnerability identifiers change rapidly, the need surfaced for deeper reporting, clear information, and reduced latency. The working group’s founding members are Josh Bressers, vice president of security at Anchore, and Kurt Seifried, director of special projects at the Cloud Security Alliance.

Recommended AI News: FRAME Deploys NewStore Omnichannel Platform to Power the Brand’s Modern Retail Experience

“Software supply chain security is more important now than ever before. The foundation of supply chain security revolves around software bill of materials and also open and accurate vulnerability data,” said Josh Bressers, vice president of security at Anchore. “I am ecstatic that the Cloud Security Alliance is taking on the challenge of making vulnerability data more open and accurate. Anchore’s Grype data will make a great addition in helping towards the goals of open and accurate data.”

“As an industry, we are challenged by insufficient coverage of the probable vulnerabilities that exist in the wild, due to inadequate industry standards for identifying vulnerabilities and a predisposition to not share vulnerability data among many. We appreciate Anchore’s valuable contributions, both in volunteer research contributions into building our Global Security Database (GSD) project and in providing vulnerability data to enrich GSD,” said Jim Reavis, co-founder and CEO, Cloud Security Alliance.

Recommended AI News: Adani Group Accelerates Enterprise-Wide Digital Transformation Strategy with Google Cloud

Anchore’s open source project Grype is an easy-to-integrate vulnerability scanning tool for container images and filesystems. This developer-friendly tool helps practitioners secure the software supply chain and protect cloud-native applications.

“As an industry, it’s vital that we start talking about how to address the problems around vulnerability discovery, reporting, publication, tracking, and classification. Anchore’s contribution of open source vulnerability data serves to jumpstart this conversation and will help immeasurably as we work to make vulnerability data more accurate,” commented Kurt Seifried.

Recommended AI News: Onspring Releases New Version of its Process Automation Software, Equipped with Client-requested Enhancements and Integrations

[To share your insights with us, please write to sghosh@martechseries.com]