How do you use SCA tools to manage vulnerabilities in dependencies? What are some issues you run into when using the tools and what improvements with SCA do you think would be helpful?
We are security researchers at NC State interested in how you use SCA tools. If you are willing to share your experiences with us, we’d be happy to talk to you. We’re conducting interviews (~45min) to understand your experiences.
Ultimately, we really want to understand:
- How you integrate SCA into software pipelines and any challenges that come with that.
- How you interpret the SCA reports and what actions are taken after.
- Challenges you run into with SCA, your opinions, and how you would like to see them be improved
More details about our research are here: Interview Study on the use of SCA tools - Secure Software Supply Chain Center, feel free to book an interview directly on our research page.
We’re happy to discuss the challenges you run into, please feel free to reach out if you are interested or have any questions. Thanks!