The White House issued a memorandum that requires each federal agency to comply with the NIST Guidance when using third-party software on the agency’s information systems and to inventory all software subject to its requirements within 90 days. As part of the new guidance that follows the executive order “Improving the Nation’s Cybersecurity” issued in …
This week, Microsoft announced Salus, an open-source software bill of materials (SBOM) tool, following the Executive Order on Improving the Nation’s Cybersecurity which made SBOMs a key requirement. The tool generates SBOMs across Windows, Linux, and Mac, and uses the standard Software Package Data Exchange (SPDX) format. Salus can be integrated into build workflows and …
Despite recent events, such as the discovery of the Log4j vulnerability late last year, that have highlighted the need for companies to have insight into which open source components they are using, and in which versions, fewer than half of companies have a software bill of materials (SBOM) in place. This is according to a report by …
Too many companies are missing a key software component in their businesses: their software bill of materials (SBOM). An SBOM is a list of all the components that make up a piece of software. According to Brian Fox, chief technology officer at Sonatype, while some may think it is a trivial requirement, it provides transparency …