SBOM management and generation: How Sonatype leads in software supply chain visibility

As software supply chain threats become more complex, organizations need more than just vulnerability scanning — they need complete visibility into the components that make up their applications ...
How SBOMs power secure software acquisition | Sonatype Blog

CISA's Supply Chain Integrity Month reminds us of an undeniable truth about modern software development: transparency in software supply chains is no longer optional. The theme of week 4 is "Transparency: Securing ...
How SBOMs drive a smarter SCA strategy

Modern software is largely assembled from open source components, constituting up to 90% of today's codebases. Managing the security and compliance risks associated with this external code is no longer optional — ...
Will the FDA Start Banning Chinese-Made Medical Devices?

Interview with Joe Silvia, CEO of MedWare Cyber Click here to listen. In late January, the FDA issued a safety warning on Contec CMS8000 patient monitors and those relabeled as MN-120. The ...
Everything in C with Tanya Janca

Everything While Training: Lessons on C and C++ Secure Coding Practices with Tanya Janca

Click here for full interview. In this show, we speak with Tanya Janca, aka SheHacksPurple, a renowned code security trainer with nearly 30 years of experience in application development, engineering, and testing ...

U.S. Bans Software and Firmware Products From Adversarial Countries

In January 2024, U.S. law went into effect that would ban smart cars with Russian and Chinese technology and protect the vehicle supply chain due to concerns about the privacy of consumer ...
AI Wars Playing Out in Application Attacks and Defenses

Deb Radcliff interviews Bugcrowd founder and white hat hacker Casey Ellis. As if protecting applications wasn't tough enough, attackers are now leveraging AI to find and exploit application vulnerabilities faster, outpacing patch ...
Preparing for PCI DSS 4.0: How Sonatype SBOM Manager can streamline and accelerate your transition

Payment Card Industry Data Security Standard (PCI DSS) was developed to strengthen payment account data security and standardize globally the necessary security controls. The transition from PCI DSS 3.2.1 and earlier versions ...
Proactive compliance with Sonatype: Automating reporting for U.S. Army SBOM requirements

We've been closely following the regulatory response to the increasing frequency with which cybersecurity attacks target software supply chains ...
OWASP Top 10 with Brian Glas

OWASP Top 10: What’s C Got to Do With It?

Deb Radcliff interviews OWASP Top Ten core team member Brian Glas. What do the OWASP Top Ten web application vulnerabilities have to do with C languages? And where do those vulnerabilities coincide ...