
December 2022

2022 was the year of the SBOM...and 2023 will be, too

2022 was the year of the rise of the SBOM. This time of year, we take a look back at the havoc wreaked by breaches that occurred in 2021 and earlier. The fallout from the SolarWinds and Kaseya cyberattacks continued into 2022, which poignantly illustrated how vulnerable the software supply chain is. The Log4j open-source vulnerability at the end of 2021 further illuminated the need for visibility around hard-to-find flaws.

Here Comes 2023: Rezilion's Security Predictions

It’s time for 2023 predictions about the security industry. What’s in store for cybersecurity and development teams in 2023? Making predictions for anything related to technology and business is always a bit tricky because so much can change so quickly. Nevertheless, we are forging ahead with our best guesses about what organizations and teams can expect in the coming year.

Case Study: Manufacturer Tackles Complexity

In this manufacturing case study that showcases Rezilion, we outline how a leading manufacturing company used the platform to address several challenges. This company was using a variety of tools for software security, including multiple tools for SCA and Software Bill of Materials (SBOM) generation. Rezilion’s platform was able to simplify their systems and patching for huge savings.

Why Organizations Need SCA On The Radar Now

Why do organizations need SCA? There are many reasons. There’s no doubt reusable components and open-source software have simplified software development, but there’s a price to pay for that convenience: a critical visibility gap so organizations cannot accurately track and summarize the vast amount of software they produce, consume and operate, according to Gartner.

Rezilion Research Rounds Up 2022 Vulnerabilities

Rezilion’s research team offers a 2022 vulnerabilities recap and takes a look at the headline-making vulnerabilities discovered in the last year. Read the recap in this report to find out the status of the following vulnerabilities, the date on which each was published, exploitation details, and mitigation and remediation advice.

Everything you need to know about the SPNEGO NEGOEX CVE-2022-37958

CVE-2022-37958 is a vulnerability in the SPNEGO NEGOEX security mechanism in Windows, released by Microsoft on the 13th of September 2022 with a CVSS score of 7.5. However, on December 13th a few interesting events around the vulnerability occurred. Apparently these events are connected to each other, and the reason Microsoft reclassified the vulnerability is that Red Hat security researcher Valentina Palmiotti (chompie1337) proved that the vulnerability can lead to remote code execution.

Enhancing CISO Communication with Boards and C-Suites in 2023

CISO communication skills have never been more essential. Organizations are facing unprecedented cybersecurity risks, not the least of which are software vulnerabilities that can turn into nightmarish supply chain attacks. Headline-grabbing events over the past two years such as the attack against systems management software provider SolarWinds and the discovery of the Log4J vulnerability have raised awareness about the impact software supply chain issues can have on many companies.

Online Retailer Checks Out Rezilion, Solves Vulnerability Backlog Burden

Rezilion recently worked with an online retailer seeking security, efficiency, and time savings in dealing with their vulnerability backlog. Cumbersome vulnerability backlogs are a problem for most organizations. In fact, research from Ponemon Institute reveals that 66% of security leaders say they have a vulnerability backlog of over 100,000 vulnerabilities. Even more alarming, the research finds that 54% say they were able to patch less than 50% of vulnerabilities in the backlog.

Rezilion Unveils New Updates to MI-X, An Open Source Tool That Determines Vulnerability Risk, at Black Hat Europe

Rezilion announces updates to MI-X, its highly-rated open-source tool developed by Rezilion's vulnerability research team. The tool will be featured this week at Black Hat Arsenal during Black Hat Europe and features several new updates to give teams vital information about the exploitability of known critical CVEs in their environment. Available as a download from the G