Kill the Contagion
While security researchers work hard to ferret out vulnerabilities ahead of the black hats, the majority of open source developers are not security experts. Many open source code vulnerabilities arise from misconfiguration by end users. The security landscape is full of traps at many levels.
With modern code bases comprising tens of millions of lines of code, automation is key to realizing the benefits of open source hygiene. While human oversight is necessary and helpful in identifying vulnerabilities, effective hygiene comes from orchestrating automated scanning with build engines and continuous integration platforms. With a comprehensive bill of materials (BOM) for an organization's open source code, you can then perform automated scans to supply critical information about security vulnerabilities, licensing conflicts, and version deprecation and proliferation.
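The scan the paragraph describes, as an added example that is not part of the original article: a small Python script that reads a constructed CycloneDX-style bill of materials, checks each component against a constructed advisory feed (the `ADV-` identifiers are placeholders, not real CVEs), a hypothetical organisation's licence deny-list and a constructed end-of-life table, flags version proliferation (the same library present at several versions), and returns a CI-style exit code so the result can gate a build. The file and policy contents are all assumptions made for the example.

```python
"""Added example: scan a minimal CycloneDX-style BOM for vulnerabilities,
licence conflicts, deprecated versions and version proliferation, then
compute a build-gate exit code. Every input here is constructed for
illustration; advisory IDs, licences and versions are not real data."""
import json
from collections import defaultdict

# Constructed BOM in a CycloneDX-like JSON shape (components with purl + licence).
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": "libfoo", "version": "1.2.0", "purl": "pkg:generic/libfoo@1.2.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "libfoo", "version": "1.4.1", "purl": "pkg:generic/libfoo@1.4.1",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "libbar", "version": "0.9.0", "purl": "pkg:generic/libbar@0.9.0",
         "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
        {"name": "libbaz", "version": "1.9.2", "purl": "pkg:generic/libbaz@1.9.2",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
    ],
})

# Constructed advisory feed: hypothetical IDs, not real CVEs.
ADVISORIES = [
    {"id": "ADV-0001", "name": "libfoo", "affected_below": "1.3.0", "severity": "HIGH"},
    {"id": "ADV-0002", "name": "libbaz", "affected_below": "2.1.0", "severity": "MEDIUM"},
]

# Constructed policy: licences this hypothetical organisation will not ship.
DENIED_LICENSES = {"AGPL-3.0-only", "SSPL-1.0"}

# Constructed deprecation table: versions below the listed one are end-of-life.
EOL_BEFORE = {"libbaz": "2.0.0", "libfoo": "1.0.0"}


def parse_version(version):
    """Turn a dotted numeric version into a comparable tuple, e.g. '1.2.0' -> (1, 2, 0)."""
    return tuple(int(part) for part in version.split("."))


def scan_bom(bom_json):
    """Return findings grouped by category for every component in the BOM."""
    bom = json.loads(bom_json)
    findings = {"vulnerabilities": [], "license_conflicts": [],
                "deprecated": [], "proliferation": []}
    versions_by_name = defaultdict(set)

    for comp in bom.get("components", []):
        name, version = comp["name"], comp["version"]
        versions_by_name[name].add(version)

        # Vulnerability check: component version below the advisory's fixed version.
        for adv in ADVISORIES:
            if adv["name"] == name and parse_version(version) < parse_version(adv["affected_below"]):
                findings["vulnerabilities"].append((name, version, adv["id"], adv["severity"]))

        # Licence check against the deny-list.
        for entry in comp.get("licenses", []):
            lic_id = entry.get("license", {}).get("id")
            if lic_id in DENIED_LICENSES:
                findings["license_conflicts"].append((name, version, lic_id))

        # Deprecation check against the end-of-life table.
        eol = EOL_BEFORE.get(name)
        if eol and parse_version(version) < parse_version(eol):
            findings["deprecated"].append((name, version, eol))

    # Proliferation: one library pulled in at more than one version.
    for name, versions in sorted(versions_by_name.items()):
        if len(versions) > 1:
            findings["proliferation"].append((name, sorted(versions)))
    return findings


def ci_gate(findings):
    """Exit code for a build step: 1 if any HIGH vulnerability or licence conflict, else 0."""
    high = any(sev == "HIGH" for _, _, _, sev in findings["vulnerabilities"])
    return 1 if high or findings["license_conflicts"] else 0


if __name__ == "__main__":
    result = scan_bom(SAMPLE_BOM)
    for category, items in result.items():
        print(category, items)
    raise SystemExit(ci_gate(result))
```

In a real pipeline the BOM would come from the build (most package managers and container scanners can emit CycloneDX or SPDX) and the advisory feed from a vulnerability database; the structure stays the same: every check is a lookup keyed on the BOM's component name and version, which is why an accurate, complete BOM is the prerequisite for everything else.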