Tag: sbom

CISA updates SBOM recommendations

Aug 22, 2025 6:54 PM

Tags: cisa, sbom, software, update

The document is primarily meant for federal agencies, but CISA hopes businesses will also use it to push vendors for software bills of materials. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-sbom-software-bill-of-materials-guidance-update/758414/
SBOM Manager New Features Accelerate Compliance and Security at Scale

Aug 22, 2025 1:54 AM

Tags: compliance, sbom
Wie CISOs von der Blockchain profitieren

Aug 19, 2025 6:58 AM

Tags: access, ai, api, blockchain, ciso, compliance, framework, governance, identity, LLM, network, saas, sbom, software, tool, zero-trust

Die Blockchain macht Trust verifizierbar.Sicherheitsvorfälle gehen nicht nur auf eine Kompromittierung der internen Systeme zurück. Sie hängen regelmäßig auch damit zusammen, dass:Privileged-Access-Protokolle fehlen,SaaS-Audit-Trails nicht vertrauenswürdig sind, oderLieferketten kompromittiert werden.Die Blockchain kann dabei helfen, diese realen Probleme zu lösen und Manipulationssicherheit, Datenintegrität und Trust zu gewährleisten. Im Kern ist Blockchain ein System von Datensätzen, die über…
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…
What Is A Software Bill of Materials (SBOM) 4 Critical Benefits

Aug 4, 2025 10:28 PM

Tags: sbom, software

Learn how SBOMs improve transparency, security, and compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/what-is-a-software-bill-of-materials-sbom-4-critical-benefits/
AIBOMs are the new SBOMs: The missing link in AI risk management

Aug 4, 2025 8:28 AM

Tags: ai, ceo, cyber, data, risk, risk-management, sbom, training

In this Help Net Security interview, Marc Frankel, CEO at Manifest Cyber, discusses how overlooked AI-specific risks, like poisoned training data and shadow AI, can lead to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/04/marc-frankel-manifest-cyber-aiboms-sboms/
SBOM für KI – BSI fordert Transparenz bei KI-Lieferketten

Jul 1, 2025 9:33 AM

Tags: ai, bsi, sbom

First seen on security-insider.de Jump to article: www.security-insider.de/bsi-fordert-transparenz-bei-ki-lieferketten-a-8a765fc72d1226d3e14f0a3e842a7519/
BSI führt G7-Initiative an: Erstes Konzept für ‘SBOM for AI” veröffentlicht

Jun 18, 2025 8:54 AM

Tags: ai, bsi, risk, sbom, software

Transparenz als Grundpfeiler für sichere Künstliche Intelligenz: Im Rahmen des G7-Cybersicherheitsgipfels in Ottawa hat das Bundesamt für Sicherheit in der Informationstechnik (BSI) gemeinsam mit internationalen Partnern ein gemeinsames Konzept für eine ‘Software Bill of Materials” (SBOM) für KI-Systeme vorgestellt. Die Initiative soll künftig Klarheit über Modelle, Datenquellen und Risiken entlang des gesamten KI-Lebenszyklus schaffen. First…
Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security

Jun 18, 2025 8:54 AM

Tags: container, monitoring, sbom, tool

As applications become more distributed, traditional monitoring and security tools are failing to keep pace. This article explores how eBPF, when utilized by the graduated … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/18/ebpf-cilium-tetragon-sboms-security/
SBOM for AI: BSI-geleitete G7-Arbeitsgruppe veröffentlicht gemeinsames Konzept

Jun 18, 2025 1:54 AM

Tags: ai, bsi, sbom

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/sbom-for-ai-bsi-leitung-g7-arbeitsgruppe-veroeffentlichung-konzept
DoD issues new marching orders on secure software and SBOMs

Jun 11, 2025 3:55 PM

Tags: defense, sbom, software, supply-chain
SBOM management and generation: How Sonatype leads in software supply chain visibility

May 27, 2025 7:54 PM

Tags: sbom, software, supply-chain, threat, vulnerability
The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser

May 13, 2025 10:38 PM

Tags: access, adobe, api, apple, attack, browser, business, chrome, ciso, cloud, compliance, conference, control, credentials, crypto, cyber, data, detection, dora, endpoint, exploit, finance, gartner, google, grc, identity, infrastructure, microsoft, monitoring, nis-2, open-source, password, phishing, ransomware, regulation, resilience, risk, risk-assessment, saas, sbom, software, technology, theft, threat, tool, unauthorized, update, vulnerability

The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser When the CISO of JPMorgan Chase issues a public letter to all technology vendors, the industry pays attention”Š”, “Šand rightfully so. In his open letter, Rohan Amin lays out a firm, urgent call: prioritize secure-by-design practices, patch faster, and take full accountability…
BSidesLV24 Proving Ground Demystifying SBOMs: Strengthening Cybersecurity Defenses

May 12, 2025 6:10 PM

Tags: conference, cybersecurity, defense, sbom

Authors/Presenters: Krity Kharbanda, Harini Ramprasad Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/bsideslv24-proving-ground-demystifying-sboms-strengthening-cybersecurity-defenses/
Cybersecurity Snapshot: CISA’s Best Cyber Advice on Securing Cloud, OT, Apps and More

May 2, 2025 6:50 PM

Tags: access, ai, attack, authentication, best-practice, breach, business, cisa, ciso, cloud, computer, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, exploit, firewall, flaw, framework, government, guide, hacker, iam, identity, incident, incident response, infrastructure, injection, international, Internet, iot, kubernetes, login, mfa, microsoft, mitigation, mitre, network, nist, open-source, organized, password, phishing, programming, RedTeam, risk, risk-management, sbom, service, software, sql, supply-chain, tactics, technology, threat, tool, unauthorized, update, usa, vulnerability, vulnerability-management, windows, xss, zero-day

In this special edition of the Cybersecurity Snapshot, we’re highlighting some of the most valuable guidance offered by the U.S. Cybersecurity and Infrastructure Security Agency in the past 12 months. Check out best practices, recommendations and insights on protecting your cloud environments, OT systems, software development processes and more. In case you missed it, here’s…
Chase CISO condemns the security of the industry’s SaaS offerings

Apr 30, 2025 5:55 AM

Tags: ai, api, ciso, cloud, control, crowdstrike, cybersecurity, data, defense, detection, group, identity, incident response, infrastructure, network, risk, saas, sbom, threat

Solutions missing: Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group, said that he generally agreed with the Chase description of the cybersecurity challenges today.”One of the key points in the letter is that the modern SaaS model concentrates sensitive data behind a handful of cloud front doors. JP Morgan itself has logged multiple third-party…
Secure by Design is likely dead at CISA. Will the private sector make good on its pledge?

Apr 28, 2025 8:51 PM

Tags: cisa, cybersecurity, government, office, risk, risk-management, sbom, software, technology, tool

CISA’s Secure by Design effort is ‘tiny’: Not everyone believes in the concept of security by design. Jeff Williams, founder and CTO of Contrast Security and creator of the first OWASP Top 10 list in 2002, told CSO that, in his view, the very first secure-by-design manual was the vaunted August 1983 “Orange Book” produced…
How SBOMs power secure software acquisition – Sonatype Blog

Apr 26, 2025 3:51 PM

Tags: cisa, Hardware, open-source, programming, sbom, software, supply-chain
What is the xBOM?

Apr 26, 2025 1:51 PM

Tags: cloud, cryptography, cyber, Hardware, international, resilience, risk, sbom, service, software, supply-chain, technology, tool
AI development pipeline attacks expand CISOs’ software supply chain risk

Mar 17, 2025 9:52 AM

Tags: access, ai, api, application-security, attack, backdoor, breach, business, ciso, cloud, container, control, cyber, cybersecurity, data, data-breach, detection, encryption, exploit, flaw, fortinet, government, infrastructure, injection, intelligence, LLM, malicious, malware, ml, network, open-source, password, penetration-testing, programming, pypi, risk, risk-assessment, russia, saas, sbom, service, software, supply-chain, threat, tool, training, vpn, vulnerability

development pipelines are exacerbating software supply chain security problems.Incidents of exposed development secrets via publicly accessible, open-source packages rose 12% last year compared to 2023, according to ReversingLabs (RL).A scan of 30 of the most popular open-source packages found an average of six critical-severity and 33 high-severity flaws per package.Commercial software packages are also a…
Software Bill of Material umsetzen: Die besten SBOM-Tools

Feb 17, 2025 5:46 AM

Tags: api, business, compliance, container, cyberattack, data, docker, gartner, github, gitlab, healthcare, linux, monitoring, open-source, risk, saas, sbom, service, software, tool, update, vulnerability

Nur wenn Sie wissen, was drinsteckt, können Sie sich sicher sein, dass alles mit rechten Dingen zugeht. Das gilt für Fast Food wie für Software. Um Software abzusichern, muss man wissen, was in ihrem Code steckt. Aus diesem Grund ist eine Software Bill of Material, SBOM oder Software-Stückliste heute unerlässlich. Der SolarWinds-Angriff sowie die Log4j-Schwachstelle…
Proactive compliance with Sonatype: Automating reporting for U.S. Army SBOM requirements

Jan 23, 2025 10:26 AM

Tags: attack, compliance, cybersecurity, sbom, software
Trump disbands Cyber Safety Review Board, Salt Typhoon inquiry in limbo

Jan 22, 2025 9:24 PM

Tags: advisory, ai, attack, china, cisa, crowdstrike, cyber, cybersecurity, government, group, hacking, healthcare, incident, infrastructure, microsoft, network, ransomware, sbom, service, technology, threat, vulnerability

The administration of US President Donald Trump has dismissed all members of its Cyber Safety Review Board (CSRB), including those investigating the China-linked hacking group Salt Typhoon. Other groups affected by a general clear-out include the AI Safety and Security Board and the National Security Telecommunications Advisory Committee.Cybersecurity experts have expressed concern about the move,…
Trump administration disbands DHS board investigating Salt Typhoon hacks

Jan 22, 2025 8:22 PM

Tags: advisory, ai, attack, china, cisa, crowdstrike, cyber, cybersecurity, government, group, hacking, healthcare, incident, infrastructure, microsoft, network, ransomware, sbom, service, technology, threat, vulnerability

The administration of US President Donald Trump has dismissed all members of its Cyber Safety Review Board (CSRB), including those investigating the China-linked hacking group Salt Typhoon. Other groups affected by a general clear-out include the AI Safety and Security Board and the National Security Telecommunications Advisory Committee.Cybersecurity experts have expressed concern about the move,…
DEF CON 32 SBOMs the Hard Way: Hacking Bob the Minion

Jan 14, 2025 6:43 PM

Tags: conference, hacking, sbom

Authors/Presenters: Larry Pesce Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/def-con-32-sboms-the-hard-way-hacking-bob-the-minion/
Unlock collaboration and efficiency in software management with SBOMs

Jan 11, 2025 11:42 AM

Tags: open-source, sbom, software
Demystifying VEX: Simplifying SBOMs with Sonatype SBOM Manager

Dec 6, 2024 5:48 AM

Tags: sbom, software, supply-chain
Die Software-Branche braucht Software Bills of Materials – Open Source kommt in Zukunft nicht ohne SBOM aus

Dec 5, 2024 11:49 AM

Tags: open-source, sbom, software

First seen on security-insider.de Jump to article: www.security-insider.de/open-source-software-braucht-sbom-a-ab67253f08be1785db87d428f45a297e/