Rezilion

SCA and CI/CD: The Most Delicious Alphabet Soup

In the continuous integration (CI)/continuous delivery (CD) pipeline, one of the key ingredients to add to the pot is software composition analysis (SCA), an automated process that identifies the open source software in a codebase. We know that app development teams are under pressure to deliver releases with new features and fix bugs as quickly as possible–and before the competition does. Increasingly, they rely on CI/CD to build, test, and quickly add small updates.

What Will it Take to Establish a Ground Truth for SBOMs?

A Software Bill of Materials – also known as an SBOM – has emerged as another effective tool in the arsenal as organizations look to secure their supply chains. But there is currently a lack of standardization for SBOMs, making it challenging to establish a ground truth. Use of SBOMs has gained momentum since the Biden Administration’s executive order mandating that IT providers that work with the federal government must provide an SBOM to do so. This is not just a U.S.

What's in an SBOM?

More and more organizations are deploying a software bill of materials (SBOM) to identify and track the various components of the software products they develop or use. The goals of using SBOM might include a desire to enhance software security, comply with U.S. federal government mandates, improve the software supply chain or some other reason. Regardless of the motivation for deploying an SBOM strategy, it’s important to know exactly what goes into an SBOM.

How To Align Your SBOM with the US Government Executive Order

One of the requirements of Executive Order 14028, issued in May 2021 and designed to improve the nation’s cybersecurity, is that software producers who supply the federal government provide a software bill of materials (SBOM) for each product. An SBOM is a formal record containing the details and supply chain relationships of various components used in building software products.

SBOM Problems and Inaccuracies Can Hamper Usability

Overcoming SBOM problems can be challenging. But the value of an SBOM – also known as a Software Bill of Materials – is generally undisputed: They provide much-needed visibility into the details of open source and proprietary software components and the supply chain. Their intent is to give developers, buyers, and operators a better understanding of the supply chain so organizations can better track known or emerging vulnerabilities and risks.

Want to Stretch Your Security Budget? Read Our Guide

In an uncertain economy, getting sufficient funding for security budget projects can be hard to come by. Organizations are being more cautious about spending, which means security leaders must adapt accordingly. They need to be more discerning in how they plan their budgets. Fortunately, there are ways CISOs and other cybersecurity leaders can gain efficiencies and be smarter about how they conduct operations. Here are four tactics they can employ to maximize their cybersecurity investments:

Secrets to Enhancing Your DevSecOps Strategy

Building a successful DevSecOps strategy based on collaboration is key to its success. First, what is DevSecOps? It is a practice that combines development, security and operations. It is an extension of DevOps and it advocates for integrating security at the outset of the development process–instead of waiting until the end.

Rezilion Research Discovers Hidden Vulnerabilities in Hundreds of Docker Container Images

Rezilion announces the release of the company's new research, "Hiding in Plain Sight: Hidden Vulnerabilities in Popular Open Source Containers," uncovering the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools.