Enhance Your Cybersecurity With An SBOM

With all the cybersecurity benefits an SBOM offers, it’s a wonder they weren’t used in the software development life cycle long ago. Today, the need for SBOMs has grown more urgent because open source has become a core part of modern software development. At least one report finds that 75% ...

A Timeline of Software Supply Chain Attack Examples

There are several noteworthy software supply chain attack examples that we can learn from. Why is this important? Attacks on software supply chains can be incredibly harmful as they specifically target organizations through their third-party vendors or software, hardware, or service providers at any point in the development process. The ...

Building Your Secure Software Supply Chain

A secure software supply chain requires that developers be vigilant from start to finish. The software supply chain is comprised of hardware, code, libraries, and tools that turn that code into a deliverable, and its breadth and increasing importance mean it has become an attractive target for cyberattacks. If one ...

Webinar: Aligning Your SBOM with the Executive Order

A Software Bill of Materials – better known as an SBOM – can enhance your compliance posture. But how do you structure and operationalize it to ensure that it is helping with that objective? And how do you know if your SBOM complies with the Executive Order that mandates maintaining ...

Ensure Your SBOM Enhances Compliance With Our Guide

Failing to comply with software licensing agreements can cost you. This is one of many arguments – particularly in the financial realm – that motivate organizations to be in compliance – and a Software Bill of Materials (SBOM) is an increasingly important tool for that goal. It’s relatively easy for an organization ...

Software Supply Chain Security Risks, Part 2

In part one of our series on software supply chain security risk, we examined six of the top software supply chain risks, but unfortunately, there are others. Code is where modern software development begins, and the supply chain makes up everything that touches that code during the software development lifecycle–from ...

Software Supply Chain Security Risks, Part 1 

It cannot be stated enough that software supply chain security risks are serious: organizations are so dependent on the software supply chain that an attack could cripple their business. The effects of the Log4j vulnerability continue to be felt as it spreads through the supply chain, all but assuring that ...

Are You Ready for the New FDA Cybersecurity Mandate for Medical Devices?

The Food and Drug Administration (FDA) has done more than just apply a bandage on the issue of cybersecurity-related risks in medical devices. Late last month, the FDA issued guidance for medical device companies to ensure the safety of devices like heart monitors, MRI machines, and insulin pumps. What the ...

New National Cybersecurity Strategy Will Require Compliance, Collaboration

The Biden administration’s recently released National Cybersecurity Strategy goes beyond the executive order it issued in 2021, which defined security measures any organization doing business with the federal government must follow. As our white paper details, the strategy shifts cybersecurity liability “away from individuals, small businesses, and local governments, and ...

Beyond SolarWinds: 6 More Notable Software Supply Chain Attacks

SolarWinds has become almost a household name and for all the wrong reasons: beginning in 2019, the system management company was the target of one of the largest software supply chain attacks in history. Software supply chain attacks are especially insidious because they target organizations by going after their third-party ...