OWASP Lead Flags Gaping Hole in Software Supply Chain Security

SBOMs aren’t enough: Developers need to dig deeper into how software is built by using a process called binary source validation.