What Federal Agencies Need to Know About CISA's 2025 SBOM Minimum Elements

In August, the US Cybersecurity and Infrastructure Security Agency (CISA) published a draft for public comment on updated guidance building on NTIA's 2021 The Minimum Elements for a Software Bill of Materials ...

Metadata of Americans Stolen in Chinese Hack: U.S. Official

The call metadata of a "large number" of Americans was stolen by Chinese state-sponsored Salt Typhoon's hack of eight U.S. telecoms and dozens more around the world, according to U.S. officials, who ...
Security Boulevard
Securing your software supply chain with CISA's new SBOM guidance

With new and increasing cyber threats abounding, navigating global software regulations and staying informed and compliant can seem like an unending task. To help mitigate risks within the software applications organizations use ...
Secure Software Development Attestation Form: Sonatype helps you comply

On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) unveiled the final version of the Secure Software Development Attestation Form. This pivotal ...
A demand for real consequences: Sonatype's response to CISA's Secure by Design

In the fast-changing fields of cybersecurity and software development, the importance of creating secure software is more crucial than ever. Recently, my colleagues and I at the Open Source Security Foundation (OpenSSF) ...