Tag: sbom
-
SBOM is an investment in the future
Tags: sbom
There’s a saying I use often, usually as a joke, but it’s often painfully true. Past me hates future me. What I mean by that is it seems the person I used to be keeps making choices that annoy the person I am now. The best example is booking that 5am flight, what was I…
-
The slow rise of SBOMs meets the rapid advance of AI
Despite years of effort to make software safer and more transparent with SBOMs, the rise of AI coding assistants is fueling optimistic (and, some experts argue, “kind of insane”) claims about a future with vulnerability-free software. First seen on cyberscoop.com. Jump to article: cyberscoop.com/sbom-adoption-challenges-ai-coding-transparency/
-
Extended SBOM as a security passport: software bills of materials between obligation and option
First seen on datensicherheit.de. Jump to article: www.datensicherheit.de/erweiterung-sbom-sicherheitheitspass-software-stuecklisten-pflicht-kuer
-
The unified linkage model: A new lens for understanding cyber risk
Tags: access, api, attack, breach, ciso, cloud, compliance, credentials, cve, cyber, cybersecurity, data, defense, exploit, flaw, framework, identity, incident response, infrastructure, intelligence, malicious, mitre, network, nist, okta, open-source, radius, resilience, risk, risk-analysis, saas, sbom, software, supply-chain, threat, update, vpn, vulnerability, zero-day, zero-trust
Missed systemic risk: Organizations secure individual components but miss how vulnerabilities propagate through dependencies (e.g., Log4j embedded in third-party apps).
Ineffective prioritization: Without a linkage structure, teams patch high-severity CVEs on isolated systems while leaving lower-scored flaws on critical trust pathways.
Slow incident response: When a zero-day emerges, teams scramble to locate vulnerable components. Without pre-existing linkage…
-
How evolving regulations are redefining CISO responsibility
Tags: attack, awareness, breach, ciso, communications, compliance, credentials, cyber, cyberattack, cybersecurity, data, data-breach, governance, identity, incident response, intelligence, iot, nis-2, phone, regulation, resilience, risk, risk-management, sbom, service, software, threat, tool, vulnerability
Increasing attacks on IoT and OT device vulnerabilities: Cyberattacks are increasingly driven by software vulnerabilities embedded in OT and IoT devices. The 2025 Verizon Data Breach Investigations Report noted that 20% of breaches were vulnerability-based, which is a close second to credential abuse, accounting for 22% of breaches. Year over year, breaches resulting from software…
-
Black Duck’s product release round-up: faster fixes, smarter security
Explore the latest updates across the Black Duck portfolio, from GitHub integrations and AI-powered fixes to faster scans, audit-ready SBOMs, and workflow automation. First seen on securityboulevard.com. Jump to article: https://securityboulevard.com/2025/10/black-ducks-product-release-round-up-faster-fixes-smarter-security/
-
Heisenberg: How We Learned to Stop Worrying and Love the SBOM
Turn SBOMs into supply chain defense with Heisenberg, an open source tool developed by Max Feldman and Yevhen Grinman. It stops risky pull requests (PRs) before they merge. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/10/heisenberg-how-we-learned-to-stop-worrying-and-love-the-sbom/
-
The CIA triad is dead, stop using a Cold War relic to fight 21st century threats
Tags: ai, backup, breach, business, ceo, ciso, compliance, csf, cyber, cybersecurity, data, data-breach, deep-fake, firewall, framework, fraud, GDPR, governance, infrastructure, ISO-27001, nist, privacy, ransomware, regulation, resilience, sbom, software, supply-chain, technology, threat, zero-trust
Ransomware is not just an availability problem. Treating ransomware as a simple “availability” failure misses the point. Being “up” or “down” is irrelevant when your systems are locked and business halted. What matters is resilience: the engineered ability to absorb damage, fail gracefully, and restore from immutable backups. Availability is binary; resilience is survival. Without…
-
EU regulation requires software bills of materials – Onekey report: SBOMs as the foundation of digital resilience
First seen on security-insider.de. Jump to article: www.security-insider.de/onekey-report-sboms-als-fundament-digitaler-resilienz-a-d43fa0cabf9e33b7d8c0855554d64589/
-
The New Perimeter is Your Supply Chain
Alan examines why the software supply chain has become the new perimeter in cloud-native security. From SBOMs to SLSA and Sigstore, discover how leaders can defend against attacks that target dependencies, pipelines and trusted updates. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/09/the-new-perimeter-is-your-supply-chain/
-
New Wave of Self-Replicating NPM Malware Exposes Critical Gaps in Software Supply Chain Security
The Shai-Hulud NPM worm highlights rising open-source supply chain threats. Secure builds with SBOMs, MFA, signed packages, and zero-trust defenses. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/09/new-wave-of-self-replicating-npm-malware-exposes-critical-gaps-in-software-supply-chain-security/
-
Software bills of materials as the key to digital resilience
The Software Bill of Materials (SBOM) is not yet widespread in companies, but the Cyber Resilience Act (CRA) will soon make it the standard. Many companies are still at the beginning and can strengthen their cyber resilience with SBOMs. More and more devices are connected to the Internet, from the smart home to Industry 4.0, and… First seen…
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, tool
Software supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI. Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat. “Too many organizations have no idea what open-source…
-
US and 14 Allies Release Joint Guidance on Software Bill of Materials
The joint guidance is a welcome first step towards a common, global adoption of SBOMs, experts argued. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/us-allies-joint-guidance-sboms/
-
CISA guide seeks a unified approach to software ‘ingredients lists’
Produced with other world cyber agencies, the document is a “shared vision” of SBOMs, or software bills of materials. First seen on cyberscoop.com. Jump to article: cyberscoop.com/cisa-guide-seeks-a-unified-approach-to-software-ingredients-lists/
-
CISA’s New SBOM Guidelines Get Mixed Reviews
Updated SBOM rules from CISA are a solid step toward making them more useful for cyber defenders but don’t address many critical needs, experts say. First seen on darkreading.com. Jump to article: www.darkreading.com/application-security/cisas-new-sbom-guidelines-mixed-reviews
-
Key findings from “The State of Embedded Software Quality and Safety 2025” report
Discover key trends and challenges in embedded software development, from AI integration to SBOM compliance. Learn how Black Duck’s solutions can help ensure quality and safety. First seen on securityboulevard.com. Jump to article: https://securityboulevard.com/2025/08/key-findings-from-the-state-of-embedded-software-quality-and-safety-2025-report/
-
CISA Seeks Biden Era’s SBOM Minimum Requirements Guideline Change
The US Cybersecurity and Infrastructure Security Agency is planning to launch an update to a 2021 guideline for SBOM requirements. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/cisa-seeks-sbom-requirements-change/
-
CISA Seeks Input on SBOM Update to Tackle Real-World Gaps
Tags: automation, cisa, cyber, cybersecurity, data, defense, infrastructure, risk, sbom, software, supply-chain, update
US Cyber Defense Agency Pushes for Automation and Machine-Readable Data in SBOMs. The Cybersecurity and Infrastructure Security Agency released a draft update to its Software Bill of Materials minimum elements guidance, adding components to push SBOMs toward automated, operational use in supply chain risk tracking – while also addressing gaps in standardization and visibility. First…