https://ones.com/blog/knowledge/strengthening-software-component-security-assessment/