SCA is good. Software Supply Chain Security is better.
In this lesson, Matt refers to The Software Composition Analysis Landscape, Q1 2023 report from Forrester and makes the point that Software Composition Analysis does not equal Software Supply Chain Security.
• Related ReversingGlass: DNA of an app
• Special: The State of Supply Chain Security
• See the Forrester SCA Landscape Report