Topic: software bill of materials

White House guidance requires agencies to inventory all software in 90 days

The White House issued a memorandum that requires each federal agency to comply with the NIST Guidance when using third-party software on the agency’s information systems and to inventory all software subject to its requirements within 90 days. As part of the new guidance that follows the executive order “Improving the Nation’s Cybersecurity” issued in …

SD Times Open-Source Project of the Week: Salus

This week, Microsoft announced Salus, an open-source software bill of materials (SBOM) tool, following the Executive Order on Improving the Nation’s Cybersecurity, which made SBOMs a key requirement. The tool generates SBOMs across Windows, Linux, and Mac, and uses the standard Software Package Data Exchange (SPDX) format. Salus can be integrated into build workflows and …

Report: Fewer than half of companies are creating or using a software bill of materials

Despite recent events, like the discovery of the Log4j vulnerability late last year, that have highlighted the need for companies to have insight into which open source components they are using, and which versions, fewer than half of companies have a software bill of materials (SBOM) in place. This is according to a report by …

Protect your users and your business with a software bill of materials

Too many companies are missing a key software component in their businesses: their software bill of materials (SBOM). An SBOM is a list of all the components that make up a piece of software. According to Brian Fox, chief technology officer at Sonatype, while some may think it is a trivial requirement, it provides transparency …