


Dynamic SBOM = SBOM + VEX

In recent months there has been a lot of discussion around the importance of Software Bills of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX) when it comes to managing software vulnerabilities. Organizations can combine the SBOM and VEX to get a more contextualized view of the actual risk present in their environment. In this blog post, we examine how SBOMs and VEX do not need to be two separate artifacts.


Harmonizing the Federal Effort on Automating Software Bill of Materials

When the Biden administration released Executive Order 14028, “Improving the Nation's Cybersecurity”, it included guidance to enhance the security of the nation’s software supply chain. As a result, key building blocks are being developed to both strengthen software security and bolster software Supply Chain Risk Management (SCRM) programs across the Federal government.


SBOM 101 - All the questions you were afraid to ask Software Bill of Materials

During many recent security incidents, we hear a lot about the lack of knowledge of code dependencies, attacks on the software supply chain, Software Bill of Materials (SBOM), digital signatures, provenance, attestation, etc. The fact is, every time a new vulnerability appears in the landscape, we usually need to spend a lot of time and effort to determine the real impact on the applications and services running in our environment.


Report: The Role of the SBOM in Securing the Software Supply Chain

The software supply chain is under attack, and never has it been more critical to secure it. In doing so, organizations will lessen the risk of a hacker’s ability to gain unauthorized access to development environments and infrastructure. This can include version control systems, artifact registries, open-source repositories, continuous integration pipelines, build servers, or application servers.


Is the SBOM Part of Your Software Security Lifecycle?

The software bill of materials (SBOM) is becoming an increasingly important element in the software development lifecycle (SDLC). In fact, given the rising threats based on software vulnerabilities and the growing use of applications to run or support all kinds of business processes, any organization that’s not using SBOMs is putting itself at real risk. An SBOM is an extensive list of all the components contained in a given software product.


Mend API Helps Make SBOMs Simple

The proliferation of third-party software components such as open source software (OSS) has triggered a growing need to keep track of it all. Why? Because when security vulnerabilities inevitably crop up in open source components, it’s pretty important to know whether your company uses that piece of code, or whether it appears in the myriad software dependencies inherent in open source.

AppSec Decoded: Methods and tools for SBOM generation | Synopsys

President Biden’s executive order calls for agencies to buy only software products that have a Software Bill of Materials (SBOM). Mike McGuire, security solutions manager at Synopsys, and Taylor Armerding, security advocate at Synopsys, discuss the role SBOMs will play in application security and what tools and methods organizations can leverage to create a comprehensive SBOM.