Managing open source risk: A introduction to device composition analysis
Managing Open Source Risk With Device Composition Analysis For Connected Devices
While there are many benefits to using open source components, they also present a fair amount of risks and challenges if accompanied by licensing rules. This is where Device Composition Analysis (DCA) comes into play.
You can think of DCA as a version of Software Composition Analysis (SCA) that is used in app development, except DCA is compatible with the embedded systems and architectures found in connected devices. DCA enables you to uncover and track all third-party components in your devices as well as their software licenses and vulnerabilities.
Check out the document to learn more about DCA.