It’s reasonable to think about today’s software development environment as a bowl of alphabet soup. There’s homegrown proprietary software (PS), open-source software (OSS) and third-party or commercial off-the-shelf software (COTS) to deal with.

Yet, tucked away among all the acronyms and chunks of code lies a basic truth: it’s tough to know where all the code came from and if it is secure. The task isn’t made any easier by code sourced from business partners, vendors, contractors and others.