The other week in San Francisco at IETF117, a group of developers and subject matter experts gathered to do just that. The IETF mission is: “To make the internet work better by producing high quality, relevant technical documents that influence the way people design, use, and manage the internet.” This standards body is quite unique – anyone with the right passion can join. Believe it or not, humming is a measure of consensus.

In a world where software tools are spawning businesses each day, and cyberattacks and threats are increasing rapidly, ensuring the clarity and security of these tools has become a top priority. Regulators suggest new tools and standards to ease the complexities in a software supply chain. One such tool is the Software Bill of Materials (SBOM). It lists all the components used in building the software and helps identify the weak spots.

Last month, Adobe’s Chief Trust Officer Dana Rao testified to Congress about the importance of content provenance, encouraging Congress to require platforms to maintain proof of origin for content, ensuring that “attributions are not stripped away, and artists can receive credit for their work.” Following Rao’s testimony, Google, Microsoft, Amazon, and other AI leaders met at the White House to voluntarily agree to “ Develop and deploy mechanisms that enable users to under

DevSecOps is an impeccable methodology that combines development, operations (DevOps), and security practices in the Software Development Lifecycle (SDLC). In this methodology, security comes into play from the beginning and is a shared responsibility instead of an afterthought. However, with the ever-evolving digital landscape, and continuous use of third-party and open-source components, DevSecOps teams need to fortify this methodology to minimize the risk and make their software more resilient.

A staggering 96% of organizations utilize open-source libraries, yet fewer than 50% actively manage the security vulnerabilities within these libraries. Vulnerabilities are welcome mats for breaches from bad actors, and once they've entered your system, the impact can be colossal. A software bill of materials (SBOM) is an important tool for managing the security of open-source software.

In a significant stride towards strengthening cybersecurity practices and protecting the nation’s digital future, the White House has issued a formal National Cybersecurity Implementation Plan, and named the 5 pillars that it believes are critical to successfully implementing its cybersecurity strategy.

Software today relies heavily on open source, third-party components, but these reusable dependencies sometimes inadvertently introduce security vulnerabilities into the code of developers who use them. Some of the most serious vulnerabilities discovered in recent years—like the OpenSSL punycode vulnerability, Log4Shell (Log4j), and Dirty Pipe (Linux)—reside in popular open source packages, making them so widespread that they could compromise almost the entire software ecosystem.