Traditional application security tools like software composition analysis (SCA) are good, but application security needs to evolve to tackle supply chain security as software teams face new complexity and threats. We’ll explain why teams need to go beyond addressing open source licensing and vulnerabilities and extend to malware and behavior analysis. Specifically, we’ll review why modern software supply chain security needs to protect both infrastructure and applications, and shift the emphasis from vulnerabilities to malware. We’ll discuss how binary analysis gives teams deeper visibility to ensure their software is secure by focusing on how code behaves, regardless of where it came from.