
SBOM

The SBOM of the Future Must Be Dynamic

Companies are increasingly turning to a Software Bill of Materials (SBOM) to provide them with information about what is in their individual software environment. SBOMs have already shown promising results. In a study from the Linux Foundation, over 44% of respondents said that a software bill of materials (SBOM) improves some aspects of their development processes.

The Log4j Vulnerability is Still Out There: How a Dynamic SBOM Helps You Find It

Despite the time that’s passed between its discovery and today, Log4Shell continues to plague the tech industry. The number of downloads of exploitable Log4j packages has remained consistent, and because it nests itself deep in files, it is often difficult for current tools to find vulnerabilities. A recent report from Rezilion finds that almost 60% of packages affected by the vulnerability remained untouched, and over 90,000 publicly facing servers are still running obsolete versions of Log4j.

TAG Cyber: Dynamic SBOMs Help Secure the Software Attack Surface

Software attack surface management (SASM) provides an effective way to secure software throughout an organization’s software development life cycle (SDLC). Rezilion’s dynamic software bill of materials (Dynamic SBOM) effectively implements SASM for practical enterprise environments, according to a new report from cybersecurity research and advisory firm TAG Cyber.

Look For These SBOM Features to Future Proof Your Software Supply Chain

Cybersecurity attacks aren’t aimed solely at individual organizations anymore. In a growing number of cases, these incidents are affecting numerous companies within supply chains. Just look at some of the recent cyber events, including the attacks against Solarwinds and Kaseya, and vulnerabilities such as the one discovered in Log4j in late 2021. These incidents reveal weaknesses within supply chains that can lead to repercussions for hundreds or thousands of companies.

Our Vision for SBOMs is Dynamic

In previous posts we’ve expounded on the importance of using a dynamic rather than a static software bill of materials (SBOM), and how these SBOMs can translate into stronger cyber security. Now we want to share our vision of what a dynamic SBOM needs to be. Rezilion’s Dynamic Software Bill of Materials, now generally available for on-premises and cloud environments, is designed to help organizations actively manage security across the entire software development life cycle (SDLC).

Creation of Your Software Bill of Materials (SBOM)

Because of growing software supply chain cyber-attacks and incidents like Log4j, tracking your Software Bill of Materials has become essential. It’s a list of the “ingredients” that make up a piece of software. SBOMs are used by software producers to manage components, by software buyers to assess security and compliance, and by operators to monitor risks and threats. SBOMs are required by military and government agencies and will likely become the norm, especially in highly regulated industries. Documenting and reporting your SBOM will become a universal best practice.

3 Ways a Dynamic SBOM Enhances Security

In a previous post, we described why a software bill of materials (SBOM) needs to be dynamic in order to be valuable for organizations. One of the biggest sources of that value is the enhanced security that dynamic SBOMs can deliver for organizations. An SBOM creates a foundational data layer on which further security tools, policies and practices can be built. The U.S.

Generating an SBOM is just the tip of the iceberg

It has been nearly a year since President Biden’s Executive Order 14028 catapulted Software Bills of Materials (SBOMs) from niche topic to the forefront of efforts to improve the security of cyber supply chains. Since then, not only have federal agencies including NIST and CISA delivered significant amounts of guidance and insight, but SBOMs have been the subject of intense debate across developer communities and beyond.