Anchore to Contribute Grype Open Source Vulnerability Data to the Global Security Database
Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, announced that the Global Security Database Working Group will receive a contribution of open source vulnerability data from Anchore, a leader in software supply chain security. The contribution will include the enriched vulnerability details used by Anchore’s open source Grype vulnerability scanner.
The Global Security Database Working Group is a broad-based initiative to improve vulnerability discovery, reporting, publication, tracking, and classification in order to radically increase public visibility into critical vulnerabilities. As the requirements for vulnerability identifiers change rapidly, the need surfaced for deeper reporting, clear information, and reduced latency. The working group’s founding members are Josh Bressers, vice president of security at Anchore, and Kurt Seifried, director of special projects at the Cloud Security Alliance.
“Software supply chain security is more important now than ever before. The foundation of supply chain security revolves around software bill of materials and also open and accurate vulnerability data,” said Josh Bressers, vice president of security at Anchore. “I am ecstatic that the Cloud Security Alliance is taking on the challenge of making vulnerability data more open and accurate. Anchore’s Grype data will make a great addition in helping towards the goals of open and accurate data.”
“As an industry, we are challenged by insufficient coverage of the probable vulnerabilities that exist in the wild, due to inadequate industry standards for identifying vulnerabilities and a predisposition to not share vulnerability data among many. We appreciate Anchore’s valuable contributions, both in volunteer research contributions into building our Global Security Database (GSD) project and in providing vulnerability data to enrich GSD,” said Jim Reavis, co-founder and CEO, Cloud Security Alliance.
Anchore’s open source project Grype is an easy-to-integrate vulnerability scanning tool for container images and filesystems. This developer-friendly tool helps practitioners secure the software supply chain and protect cloud-native applications.
“As an industry, it’s vital that we start talking about how to address the problems around vulnerability discovery, reporting, publication, tracking, and classification. Anchore’s contribution of open source vulnerability data serves to jumpstart this conversation and will help immeasurably as we work to make vulnerability data more accurate,” commented Kurt Seifried.