Items tagged with: sca


This week many engineering teams are looking for the immensely popular open source library 'curl' in order to get ahead of the CVE-2023-38545 vulnerability. Most of them are NOT going to see it in their SBOM even though they use it.

In this article I walk through why this is, places it might be hiding and questions to ask that can help uncover your use of it.

https://zebracatzebra.com/oss/curl-is-seen-everywhere-except-your-sbom-why-is-it-missing-even-though-you-use-it/ #curl #sca #sbom