Security | Threat Detection | Cyberattacks | DevSecOps | Compliance



What's in an SBOM?

More and more organizations are deploying a software bill of materials (SBOM) to identify and track the various components of the software products they develop or use. The goals of using SBOM might include a desire to enhance software security, comply with U.S. federal government mandates, improve the software supply chain or some other reason. Regardless of the motivation for deploying an SBOM strategy, it’s important to know exactly what goes into an SBOM.


How To Align Your SBOM with the US Government Executive Order

One of the requirements of Executive Order 14028, issued in May 2021 and designed to improve the nation’s cybersecurity, is that software producers who supply the federal government provide a software bill of materials (SBOM) for each product. An SBOM is a formal record containing the details and supply chain relationships of various components used in building software products.


SBOM Problems and Inaccuracies Can Hamper Usability

Overcoming SBOM problems can be challenging. But the value of an SBOM – also known as a Software Bill of Materials – is generally undisputed: They provide much-needed visibility into the details of open source and proprietary software components and the supply chain. Their intent is to give developers, buyers, and operators a better understanding of the supply chain so organizations can better track known or emerging vulnerabilities and risks.


Want to Stretch Your Security Budget? Read Our Guide

In an uncertain economy, getting sufficient funding for security budget projects can be hard to come by. Organizations are being more cautious about spending, which means security leaders must adapt accordingly. They need to be more discerning in how they plan their budgets. Fortunately, there are ways CISOs and other cybersecurity leaders can gain efficiencies and be smarter about how they conduct operations. Here are four tactics they can employ to maximize their cybersecurity investments:


Secrets to Enhancing Your DevSecOps Strategy

Building a successful DevSecOps strategy based on collaboration is key to its success. First, what is DevSecOps? It’s is a practice that combines development, security and operations. It is an extension of DevOps and it advocates for integrating security at the outset of the development process–instead of waiting until the end.

Rezilion Research Discovers Hidden Vulnerabilities in Hundreds of Docker Container Images

Rezilion announces release of the company's new research, "Hiding in Plain Sight: Hidden Vulnerabilities in Popular Open Source Containers," uncovering the presence of hundreds of docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools.

Automation Helps Address Vulnerability Management Amid a Cybersecurity Skills Gap

Automation is an important element amid an ongoing cybersecurity skills gap. Anyone who works in the cybersecurity field knows that there has been a skills shortage going on for years. And unfortunately, there are no signs that the gap between demand and supply will close anytime soon. This is a frightening scenario for security leaders and their organizations, because the attacks and attackers keep getting more sophisticated and the threat landscape more complex.


Fast Facts: How to Find and Fix the Log4j Vulnerability in Under 2 Minutes

Many organizations still need to find the Log4j vulnerability in their environment and address the risk. The news about Log4Shell, the vulnerability impacting the Apache Log4j software library, first burst onto the scene and became a headache for admins everywhere in December 2021. But the fall-out is far from over.