Effective vulnerability management is a major task for development teams, and knowing which problems to prioritize can save unnecessary rework. In the Software Composition Analysis (SCA) community, a hotly debated approach to prioritization is vulnerability reachability, also known as “call flow.” Today, we take a look at why vendors argue for or against reachability analysis.
Article Link: Prioritizing Open Source Vulnerabilities: Is Reachability Useful?