OWASP looks to future-proof SBOMs with CycloneDX 1.6

The OWASP Foundation has released a new version of its CycloneDX standard for software bills of materials (SBOMs) that includes a cryptographic bill of materials (CBOM), a machine-readable approach to managing SBOMs ...
SBOMs are now essential: Make them actionable to better manage risk

All kinds of organizations, whether they sell software or only purchase it, can benefit from knowing what their software contains. The number of software supply chain attacks in recent years and the ...
All SBOMs are not created equal: How to make them actionable

With some help from the federal government, software bills of materials (SBOMs) have become an important tool for security teams looking to secure their software supply chains. However, while SBOMs can provide ...
5 best practices for putting SBOMs to work with CI/CD

Software bills of materials (SBOMs) have become a central component of enterprise efforts to secure the software supply chain. President Biden's 2021 Executive Order on Improving the Nation's Cybersecurity, EO 14028, made ...
CycloneDX 1.5: The next big step for SBOMs and software transparency

CycloneDX is one of the most popular standards for describing the components of an application, including source code, binaries, libraries, and containers. With the latest release of the specification, version 1.5, OWASP, ...
CISA SBOM-a-rama tackles challenges: 5 key takeaways

“The devil is in the details,” as the saying goes. Nowhere is that more true than in the looming requirement that software makers implement software bills of materials (SBOMs), which provide a ...
Self-attestation: What software teams need to know

Software companies supplying the U.S. federal government must begin attesting to the security of critical software by June 11 — and more deadlines for attesting to the security of a wider range ...
7 obstacles to SBOM success

The security and DevOps world is at a fever pitch with proselytizing software bills of materials (SBOMs). In theory, SBOMs can help organizations bolster their efforts in application security, vulnerability management — ...
What’s behind SBOM skepticism? One word: Fear

If there’s a poster child for the increased focus and attention on the security of software supply chains, it is the SBOM, or Software Bill of Materials. SBOMs are a critical component ...
How to operationalize SBOMs for incident response

As the cybersecurity industry has endeavored to reduce the risk of software supply chain security flaws, software bills of materials (SBOMs) have received a ton of attention of late, as security pundits ...