software bill of materials
Advisories Are Now Exploit Specs. Act Accordingly.
Tony Camp | | ai exploitation, asset inventory, CVE-2026-39987, Cybersecurity, Marimo, patch management, SBOM, software bill of materials, Vulnerability Disclosure
The zero-day-to-n-day collapse is no longer theoretical, as demonstrated by CVE-2026-39987 in Marimo, which saw initial exploitation occur just nine hours and 41 minutes after disclosure without a public proof-of-concept. The real ...
Security Boulevard
The Time Is Now to Prepare for CRA Enforcement
Aaron Linskens | | EU Cyber Resilience Act, government, Liability Regulation, open source risks, policy enforcement, risk management, SBOM, software bill of materials
When the EU Cyber Resilience Act (CRA) was introduced into law in 2024, it represented one of the most significant regulatory shifts we've seen anywhere in the world with implications for how ...
OMB Rolled Back the Rules. Security Did Not Get Easier
Sonatype | | Compliance, Federal, government, risk management, SBOM, software bill of materials, Software Security
The U.S. Office of Management and Budget's (OMB) decision to rescind M-22-18 and M-23-16 and replace them with M-26-05 has been framed as a win for flexibility and a rollback of security ...
CMMC 2.0 in Action: Operationalizing Secure Software Practices Across the Defense Industrial Base
Antoine Harden | | Defense, Department of Defense, DevSecOps, Federal, government, SBOM, software bill of materials
For years, the DoD has lost sensitive Controlled Unclassified Information (CUI) through breaches in the Defense Industrial Base (DIB). Adversaries targeted smaller, less secure subcontractors to steal valuable intellectual property tied to ...
Transforming Software Compliance with AI SBOM Management
Aaron Linskens | | Artificial Intelligence, Compliance, Federal, generative AI, risk, SBOM, SBOM Manager, software bill of materials
If your software serves federal missions, you face twin pressures to move faster and prove exactly what's in your software ...
From Awareness to Assurance in Federal Software Development
Antoine Harden | | Automation, Federal, government, SBOM, secure by design, software bill of materials
Nothing brings the value of cybersecurity into focus quite like being in the throes of a breach. As we approach the mid-point of National Cybersecurity Awareness Month, it's a good time to ...
New Wave of Self-Replicating NPM Malware Exposes Critical Gaps in Software Supply Chain Security
Alan Shimel | | AI-driven malware, cryptographic checks NPM, dependency scanning, developer security hygiene, Node.js security, NPM worm malware, open source package manager risks, open source vulnerabilities, SBOM best practices, signed package publishing, software bill of materials, software supply chain attacks 2025, supply chain security, typosquatting attacks, zero-trust build environments
The Shai-Hulud NPM worm highlights rising open-source supply chain threats. Secure builds with SBOMs, MFA, signed packages, and zero-trust defenses ...
Security Boulevard
What Federal Agencies Need to Know About CISA’s 2025 SBOM Minimum Elements
Tom Tapley | | CISA best practices, Federal, government, risk management, SBOM, software bill of materials
In August, the US Cybersecurity and Infrastructure Security Agency (CISA) published a draft for public comment on updated guidance building on NTIA's 2021 The Minimum Elements for a Software Bill of Materials ...
SBOM Manager New Features Accelerate Compliance and Security at Scale
Aaron Linskens | | Compliance, licenses, SBOM, SBOM Manager, software bill of materials, Software Security
Effective management of software bills of materials (SBOMs) is now crucial for ensuring security, achieving compliance, and optimizing operational efficiency ...
SBOM Best Practices: What Global Leaders Are Asking and Doing
Aaron Linskens | | Best Practices, Compliance, Leadership, SBOM, SBOM Manager, software bill of materials
The software bill of materials (SBOM) drives the shift from compliance checkbox to cornerstone of modern software security, equipping organizations to navigate supply chain threats, evolving regulations, and the complexity of AI-generated ...