Software and Security Bill of Materials (SBOMs) have been already part of the Energy and Healthcare supply chain requirements for a number of years. Followed by the US government and its agencies, now being picked up also as a requirement and also good practice in many other industries. In Europe aim is to ensure manufacturers…
During this webinar one of the global application security experts Steven Wierickx from OWASP and Toreon guided us through the concepts and methodologies for Software Composition Analysis – a method used in different toolsets, that analyse software for its ingredients and support developers and security engineers in detecting potential errors, leakages and vulnerabilities. Many of…
The Dutch CyberSecurity Center (NCSC) commissioned CapGemini Invent in 2020 to explore the state of the current landscape, the potential purposes, and uses of SBoM in a cybersecurity context. The research report from February 2021 describes the potential for software production, choosing and procurement, operating of software, and for SecDevOps. The general findings are: 1. …
On November 10th, the IIoTSBOM team held its annual F2F event at the Beacon in Antwerp, with participation of several product manufacturing companies and SBOM technology providers such as TrustSource, Irdeto, Asvin and Fortress Information Security. For more information, documentation and video recordings, visit the event pages.
The European Union Agency for CyberSecurity (ENISA) released its Guidelines for Securing the IoT – Secure Supply Chain for IoT in November 2020. SBOMs are part of the guidelines for both the processes PRO-05 “Identifying Third-Party Software” and PRO-13 “Provide Software Bill Of Materials (SBOMs) for IoT Devices” ENISA publication: https://www.enisa.europa.eu/news/enisa-news/iot-security-enisa-publishes-guidelines-on-securing-the-iot-supply-chain Document page: https://www.enisa.europa.eu/publications/guidelines-for-securing-the-internet-of-things
The NIST SSDF (SP 800-218) serves as the focal point for capturing and operationalizing U.S. government software security expectations. In February, SP 800-218 replaced the original 2020 NIST cybersecurity white paper, formalizing the SSDF as the government’s seminal software security organizing construct. The document describes a set of foundational practices for secure software development and…
“… reusable components and open source software have simplified software development, this simplicity has exposed a critical visibility gap … This ties directly into the continuous integration and continuous deployment (CI/CD) process. DevOps SBOM 101”
Feb 14, 2022. Software bills of materials improve the visibility, transparency, security and integrity of proprietary and open-source code in software supply chains. To realize these benefits, software engineering leaders should integrate SBOMs throughout the software delivery life cycle. Gartner’s Innovation Insights for SBOMs.
Relevance of Security by Design for IoT Certification “The IEC 62443-4-1 certification specifies process requirements for the secure development of products, ensuring the highest levels of cybersecurity throughout the whole product and application lifecycle. ” according to Eurotech in IoTWorld Today
Log4J — Apache’s Java-based logging utility, has exposed once again the complexities of securing applications that use open-source code libraries. “SBOMs are a start but they are only a piece of the puzzle,” InformationWeek reports on the need for SBOM.
