Ready to start a project with us? Let us know what's on your mind.

1501 Broadway STE 12060
New York, NY 10036-5601

    Select Service(s)*

    x Close

    Winmill’s Ben DiMolfetta wins Veracode’s Best Video demonstrating how to find and remediate vulnerabilities in your software supply chain.


    New York, NY – July 12, 2022 – Winmill Software Corporation has announced that Ben DiMolfetta, client solutions architect for Winmill, has won Veracode’s “Best Video Series in Demonstrating Software Composition Analysis (SCA).”  The eight-part video series Ben created summarizes how to use Veracode to run a software composition analysis, analyze the results, and create a trackable ticket for removing cyber attack vulnerabilities.

    In the video series developed by Ben, viewers are shown how to use Veracode SCA to generate a software bill of materials that can be used to identify applications that might be vulnerable to cyber attacks. Veracode SCA then makes recommendations for remedying each vulnerability, such as installing a newer version of the software or code. Veracode’s platform also analyzes whether an application is using the correct license.

    Ben also created a video showing how this scanning tool can be run in PowerShell utilizing the SCA Agent. Ben’s video shows how to integrate SCA Agent into the JIRA Cloud ticket and process flow. All of this gives developers a more robust set of tools for vulnerability remediation, including the ability to create JIRA tickets or stories that will help developers secure their applications.   

    Software Supply Chains Introduce Vulnerabilities to Cyber Attacks

    Today, every organization depends on a variety of applications. Some are created in-house, some are commercial third-party applications, and some are open-source. All of these combined make up what is referred to as the software supply chain. 

    Open-source application usage has become ubiquitous. Forrester reported in 2020 that an average of 75 percent of audited application code bases was open-source applications. This heavy dependence on open-source applications has created a critical need to be able to identify vulnerabilities in these applications and the solutions to those vulnerabilities. 

    A software bill of materials, created via a software composition analysis, is the best way to protect your software supply chain. Veracode SCA enables you to do this accurately and easily. In partnership with Veracode, Winmill uses its security expertise to help identify software components and dependencies that create vulnerabilities, offer remediation guidance, and actively manage licensing and compliance risks.


    Winmill Software provides industry-leading Cybersecurity, Cloud, Application Development, and DevOps. We partner with the best application security solutions on the market and provide specialized product expertise to our clients. Winmill is Focus Partner of Veracode, a leading provider of application security testing platforms. Together we enable organizations to develop secure software from the start and build an advanced application security program–one that reduces risk of security breach and accelerates your business. Veracode’s powerful combination of automation, integrations, process, and speed enables customers to get accurate and reliable results and focus efforts on fixing, not just finding, potential vulnerabilities.