Companies are increasingly turning to a Software Bill of Materials (SBOM) to provide them with information about what is in their individual software environment. SBOMs have already shown promising results. In a study from the Linux Foundation, over 44% of respondents said that a software bills of materials (SBOM) improves some aspects of their development processes.
Despite the time that’s passed between its discovery and today, Log4Shell continues to plague the tech industry. The number of downloads of exploitable Log4j packages has remained consistent, and because it nests itself deep in files, it is often difficult for current tools to find vulnerabilities. A recent report from Rezilion finds that almost 60% of packages affected by the vulnerability remained untouched, and over 90,000 publicly facing servers are still running obsolete versions of Log4j.
Software attack surface management (SASM) provides an effective way to secure software throughout an organization’s software development life cycle (SDLC). Rezilion’s dynamic software bill of materials (Dynamic SBOM) effectively implements SASM for practical enterprise environments, according to a new report from cybersecurity research and advisory firm TAG Cyber.
Cybersecurity attacks aren’t aimed solely at individual organizations anymore. In a growing number of cases, these incidents are affecting numerous companies within supply chains. Just look at some of the recent cyber events, including the attacks against Solarwinds and Kaseya, and vulnerabilities such as the one discovered in Log4j in late 2021. These incidents reveal weaknesses within supply chains that can lead to repercussions for hundreds or thousands of companies.
In previous posts we’ve expounded on the importance of using a dynamic rather than a static software bill of materials (SBOM), and how these SBOMs can translate into stronger cyber security. Now we want to share our vision of what a dynamic SBOM needs to be. Rezilion’s Dynamic Software Bill of Materials, now generally available for on-premises and cloud environments, is designed to help organizations actively manage security across the entire software development life cycle (SDLC).
In a previous post, we described why a software bill of materials (SBOM) needs to be dynamic in order to be valuable for organizations. One of the biggest sources of that value is the enhanced security that dynamic SBOMs can deliver for organizations An SBOM creates a foundational data layer on which further security tools, policies and practices can be built. The U.S.
It has been nearly a year since the President Biden’s Executive Order 14028 catapulted Software Bills of Materials (SBOMs) from niche topic to the forefront of efforts to improve security of cyber supply chains. Since then not only have federal agencies including NIST and CISA delivered significant amounts of guidance and insight, but SBOMs have been the subject of intense debate across developer communities and beyond.
