SBOM – Page 2 – WindowsTechs.com

The SBOM Bombshell

Posted on May 9, 2023 by Matt Honea

SBOMs can be used for managing risk and determining vulnerability impact, but it’s very hard to build holistic risk models when the data is not standardized across multiple platforms.
The post The SBOM Bombshell appeared first on SecurityWeek.
Continue reading The SBOM Bombshell→

Top 10 Security, Operational Risks From Open Source Code

Posted on March 1, 2023 by Kevin Townsend

Endor Labs has introduced an OWASP-style listing of the most important or impactful risks inherent in the use of open source software (OSS).
The post Top 10 Security, Operational Risks From Open Source Code appeared first on SecurityWeek.
Continue reading Top 10 Security, Operational Risks From Open Source Code→

Cyber Insights 2023 | Supply Chain Security

Posted on February 2, 2023 by Kevin Townsend

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be remediated.

The post Cyber Insights 2023 | Supply Chain Security appeared first on SecurityWeek.

Continue reading Cyber Insights 2023 | Supply Chain Security→

OpenVEX Spec Adds Clarity to Supply Chain Vulnerability Warnings

Posted on January 31, 2023 by Ryan Naraine

Chainguard OpenVEX Spec adds clarity to Supply Chain Vulnerability warnings specifications to help software vendors and maintainers communicate precise metadata about the vulnerability status of products.

The post OpenVEX Spec Adds Clarity to Supply Chain Vulnerability Warnings appeared first on SecurityWeek.

Continue reading OpenVEX Spec Adds Clarity to Supply Chain Vulnerability Warnings→

The Best Ways to Automate SBOM Creation

Posted on December 5, 2022 by Owais Sultan

By Owais Sultan
SBOM or Software Bill of Materials implies a comprehensive inventory of all the constituent elements or components of the software.
This is a post from HackRead.com Read the original post: The Best Ways to Automate SBOM Creation
Continue reading The Best Ways to Automate SBOM Creation→

SaltStack: 20 Breaches Within Four Days

Posted on May 18, 2020 by Derek Weeks

Since 2017, I’ve reported in our annual State of the Software Supply Chain Report that the average time between an open source vulnerability being announced and subsequently exploited was three days. We saw this exploit time with Equif… Continue reading SaltStack: 20 Breaches Within Four Days→

Gartner: Mitigate Risk By Hardening the Software Supply Chain

Posted on December 12, 2019 by Katie McCaskey

When molten steel is immersed in water it transforms into one of the world’s strongest materials. A resilient software supply chain is no different. Hardened steel requires combining alloys; a hardened software supply chain requires combinin… Continue reading Gartner: Mitigate Risk By Hardening the Software Supply Chain→

Why You Need a Software Bill of Materials More Than Ever

Posted on December 5, 2019 by Katie McCaskey

Imagine that a new vulnerability in lodash was just announced. Applications using the npm package are being exploited through large scale automated DoS attacks. You need to act quickly to understand if your organization’s systems are at risk… Continue reading Why You Need a Software Bill of Materials More Than Ever→