Tag: sbom

EU-Verordnung verlangt Software-Stücklisten – Onekey-Report: SBOMs als Fundament digitaler Resilienz

Oct 8, 2025 10:50 AM

Tags: resilience, sbom, software

First seen on security-insider.de Jump to article: www.security-insider.de/onekey-report-sboms-als-fundament-digitaler-resilienz-a-d43fa0cabf9e33b7d8c0855554d64589/
The New Perimeter is Your Supply Chain

Sep 26, 2025 11:09 AM

Tags: attack, cloud, sbom, software, supply-chain

Alan examines why the software supply chain has become the new perimeter in cloud-native security. From SBOMs to SLSA and Sigstore, discover how leaders can defend against attacks that target dependencies, pipelines and trusted updates. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/the-new-perimeter-is-your-supply-chain/
The New Perimeter is Your Supply Chain

Sep 26, 2025 11:09 AM

Tags: attack, cloud, sbom, software, supply-chain

Alan examines why the software supply chain has become the new perimeter in cloud-native security. From SBOMs to SLSA and Sigstore, discover how leaders can defend against attacks that target dependencies, pipelines and trusted updates. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/the-new-perimeter-is-your-supply-chain/
New Wave of Self-Replicating NPM Malware Exposes Critical Gaps in Software Supply Chain Security

Sep 19, 2025 11:15 AM

Tags: malware, mfa, open-source, sbom, software, supply-chain, worm, zero-trust

The Shai-Hulud NPM worm highlights rising open-source supply chain threats. Secure builds with SBOMs, MFA, signed packages, and zero-trust defenses. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/new-wave-of-self-replicating-npm-malware-exposes-critical-gaps-in-software-supply-chain-security/
Softwarestücklisten als Schlüssel zur digitalen Resilienz

Sep 16, 2025 6:17 AM

Tags: cyber, Internet, resilience, sbom, software

Die Software Bill of Materials (SBOM) ist in Unternehmen noch nicht weit verbreitet, wird aber durch den Cyber Resilience Act (CRA) bald zum Standard. Viele Firmen stehen noch am Anfang und können mit SBOMs ihre Cyberresilienz stärken. Immer mehr Geräte sind mit dem Internet verbunden, vom Smart Home bis zur Industrie 4.0, und… First seen…
71% of CISOs hit with third-party security incident this year

Sep 9, 2025 10:08 AM

Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, tool

Software supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
71% of CISOs hit with third-party security incident this year

Sep 9, 2025 10:08 AM

Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, tool

Software supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
71% of CISOs hit with third-party security incident this year

Sep 9, 2025 10:08 AM

Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, tool

Software supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
US and 14 Allies Release Joint Guidance on Software Bill of Materials

Sep 4, 2025 6:20 PM

Tags: sbom, software

The joint guidance is a welcome first step towards a common, global adoption of SBOMs, experts argued First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-allies-joint-guidance-sboms/
CISA guide seeks a unified approach to software ‘ingredients lists’

Sep 3, 2025 10:20 PM

Tags: cisa, cyber, guide, sbom, software

Produced with other world cyber agencies, the document is a “shared vision” of SBOMs, or software bill of materials. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-guide-seeks-a-unified-approach-to-software-ingredients-lists/
CISA’s New SBOM Guidelines Get Mixed Reviews

Aug 28, 2025 6:23 PM

Tags: cisa, cyber, sbom

Updated SBOM rules from CISA are a solid step toward making them more useful for cyber defenders but don’t address many critical needs, experts say. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/cisas-new-sbom-guidelines-mixed-reviews
Key findings from “The State of Embedded Software Quality and Safety 2025” report

Aug 26, 2025 4:54 PM

Tags: ai, programming, sbom, software

Discover key trends and challenges in embedded software development, from AI integration to SBOM compliance. Learn how Black Duck’s solutions can help ensure quality and safety. The post Key findings from “The State of Embedded Software Quality and Safety 2025” report appeared first on Blog. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/08/key-findings-from-the-state-of-embedded-software-quality-and-safety-2025-report/
Key findings from “The State of Embedded Software Quality and Safety 2025” report

Aug 26, 2025 4:54 PM

Tags: ai, programming, sbom, software

Discover key trends and challenges in embedded software development, from AI integration to SBOM compliance. Learn how Black Duck’s solutions can help ensure quality and safety. The post Key findings from “The State of Embedded Software Quality and Safety 2025” report appeared first on Blog. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/08/key-findings-from-the-state-of-embedded-software-quality-and-safety-2025-report/
CISA Seeks Biden Era’s SBOM Minimum Requirements Guideline Change

Aug 25, 2025 12:54 PM

Tags: cisa, cybersecurity, infrastructure, sbom, update

The US Cybersecurity and Infrastructure Security Agency is planning to launch an update to a 2021 guideline for SBOM requirements First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-seeks-sbom-requirements-change/
CISA Seeks Input on SBOM Update to Tackle Real-World Gaps

Aug 22, 2025 11:54 PM

Tags: automation, cisa, cyber, cybersecurity, data, defense, infrastructure, risk, sbom, software, supply-chain, update

US Cyber Defense Agency Pushes for Automation and Machine-Readable Data in SBOMs. The Cybersecurity and Infrastructure Security Agency released a draft update to its Software Bill of Materials minimum elements guidance, adding components to push SBOMs toward automated, operational use in supply chain risk tracking – while also addressing gaps in standardization and visibility. First…
CISA updates SBOM recommendations

Aug 22, 2025 6:54 PM

Tags: cisa, sbom, software, update

The document is primarily meant for federal agencies, but CISA hopes businesses will also use it to push vendors for software bills of materials. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-sbom-software-bill-of-materials-guidance-update/758414/
SBOM Manager New Features Accelerate Compliance and Security at Scale

Aug 22, 2025 1:54 AM

Tags: compliance, sbom
Wie CISOs von der Blockchain profitieren

Aug 19, 2025 6:58 AM

Tags: access, ai, api, blockchain, ciso, compliance, framework, governance, identity, LLM, network, saas, sbom, software, tool, zero-trust

Die Blockchain macht Trust verifizierbar.Sicherheitsvorfälle gehen nicht nur auf eine Kompromittierung der internen Systeme zurück. Sie hängen regelmäßig auch damit zusammen, dass:Privileged-Access-Protokolle fehlen,SaaS-Audit-Trails nicht vertrauenswürdig sind, oderLieferketten kompromittiert werden.Die Blockchain kann dabei helfen, diese realen Probleme zu lösen und Manipulationssicherheit, Datenintegrität und Trust zu gewährleisten. Im Kern ist Blockchain ein System von Datensätzen, die über…
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…
What Is A Software Bill of Materials (SBOM) 4 Critical Benefits

Aug 4, 2025 10:28 PM

Tags: sbom, software

Learn how SBOMs improve transparency, security, and compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/what-is-a-software-bill-of-materials-sbom-4-critical-benefits/
AIBOMs are the new SBOMs: The missing link in AI risk management

Aug 4, 2025 8:28 AM

Tags: ai, ceo, cyber, data, risk, risk-management, sbom, training

In this Help Net Security interview, Marc Frankel, CEO at Manifest Cyber, discusses how overlooked AI-specific risks, like poisoned training data and shadow AI, can lead to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/04/marc-frankel-manifest-cyber-aiboms-sboms/
SBOM für KI – BSI fordert Transparenz bei KI-Lieferketten

Jul 1, 2025 9:33 AM

Tags: ai, bsi, sbom

First seen on security-insider.de Jump to article: www.security-insider.de/bsi-fordert-transparenz-bei-ki-lieferketten-a-8a765fc72d1226d3e14f0a3e842a7519/
BSI führt G7-Initiative an: Erstes Konzept für ‘SBOM for AI” veröffentlicht

Jun 18, 2025 8:54 AM

Tags: ai, bsi, risk, sbom, software

Transparenz als Grundpfeiler für sichere Künstliche Intelligenz: Im Rahmen des G7-Cybersicherheitsgipfels in Ottawa hat das Bundesamt für Sicherheit in der Informationstechnik (BSI) gemeinsam mit internationalen Partnern ein gemeinsames Konzept für eine ‘Software Bill of Materials” (SBOM) für KI-Systeme vorgestellt. Die Initiative soll künftig Klarheit über Modelle, Datenquellen und Risiken entlang des gesamten KI-Lebenszyklus schaffen. First…
Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security

Jun 18, 2025 8:54 AM

Tags: container, monitoring, sbom, tool

As applications become more distributed, traditional monitoring and security tools are failing to keep pace. This article explores how eBPF, when utilized by the graduated … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/18/ebpf-cilium-tetragon-sboms-security/
SBOM for AI: BSI-geleitete G7-Arbeitsgruppe veröffentlicht gemeinsames Konzept

Jun 18, 2025 1:54 AM

Tags: ai, bsi, sbom

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/sbom-for-ai-bsi-leitung-g7-arbeitsgruppe-veroeffentlichung-konzept
DoD issues new marching orders on secure software and SBOMs

Jun 11, 2025 3:55 PM

Tags: defense, sbom, software, supply-chain
SBOM management and generation: How Sonatype leads in software supply chain visibility

May 27, 2025 7:54 PM

Tags: sbom, software, supply-chain, threat, vulnerability
The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser

May 13, 2025 10:38 PM

Tags: access, adobe, api, apple, attack, browser, business, chrome, ciso, cloud, compliance, conference, control, credentials, crypto, cyber, data, detection, dora, endpoint, exploit, finance, gartner, google, grc, identity, infrastructure, microsoft, monitoring, nis-2, open-source, password, phishing, ransomware, regulation, resilience, risk, risk-assessment, saas, sbom, software, technology, theft, threat, tool, unauthorized, update, vulnerability

The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser When the CISO of JPMorgan Chase issues a public letter to all technology vendors, the industry pays attention”Š”, “Šand rightfully so. In his open letter, Rohan Amin lays out a firm, urgent call: prioritize secure-by-design practices, patch faster, and take full accountability…