software bill of materials
From SBOMs to AI BOMs: Why SPDX 3.0 Matters
Software bill of materials (SBOM) strategies are rapidly evolving. What began as a way to track open source components for compliance and vulnerability management is quickly expanding into something much larger: a ...
Advisories Are Now Exploit Specs. Act Accordingly.
The zero-day-to-n-day collapse is no longer theoretical, as demonstrated by CVE-2026-39987 in Marimo, which saw initial exploitation occur just nine hours and 41 minutes after disclosure without a public proof-of-concept. The real ...
The Time Is Now to Prepare for CRA Enforcement
When the EU Cyber Resilience Act (CRA) was introduced into law in 2024, it represented one of the most significant regulatory shifts we've seen anywhere in the world with implications for how ...
OMB Rolled Back the Rules. Security Did Not Get Easier
The U.S. Office of Management and Budget (OMB)'s decision to rescind M-22-18 and M-23-16 and replace them with M-26-05 has been framed as a win for flexibility and a rollback of security ...
CMMC 2.0 in Action: Operationalizing Secure Software Practices Across the Defense Industrial Base
For years, the DoD has lost sensitive Controlled Unclassified Information (CUI) through breaches in the Defense Industrial Base (DIB). Adversaries targeted smaller, less secure subcontractors to steal valuable intellectual property tied to ...
Transforming Software Compliance with AI SBOM Management
If your software serves federal missions, you face twin pressures to move faster and prove exactly what's in your software ...
From Awareness to Assurance in Federal Software Development
Nothing brings the value of cybersecurity into focus quite like being in the throes of a breach. As we approach the mid-point of National Cybersecurity Awareness Month, it's a good time to ...
New Wave of Self-Replicating NPM Malware Exposes Critical Gaps in Software Supply Chain Security
The Shai-Hulud NPM worm highlights rising open-source supply chain threats. Secure builds with SBOMs, MFA, signed packages, and zero-trust defenses ...
What Federal Agencies Need to Know About CISA’s 2025 SBOM Minimum Elements
In August, the US Cybersecurity and Infrastructure Security Agency (CISA) published a draft for public comment on updated guidance building on NTIA's 2021 The Minimum Elements for a Software Bill of Materials ...
SBOM Manager New Features Accelerate Compliance and Security at Scale
Effective management of software bills of materials (SBOMs) is now crucial for ensuring security, achieving compliance, and optimizing operational efficiency ...

