Cap Gemini 2021 Report on SBOMs

The Dutch National Cyber Security Centre (NCSC) commissioned Capgemini Invent in 2020 to explore the current landscape, the potential purposes, and the uses of SBOMs in a cybersecurity context. The research report from February 2021 describes the potential of SBOMs for software production, selection and procurement, operation of software, and SecDevOps. The general findings are: 1. …

IIoTSBOM Annual

On November 10th, the IIoTSBOM team held its annual F2F event at the Beacon in Antwerp, with participation of several product manufacturing companies and SBOM technology providers such as TrustSource, Irdeto, Asvin and Fortress Information Security. For more information, documentation and video recordings, visit the event pages.

ENISA Publishes Guidelines on Securing IoT Supply Chain

The European Union Agency for Cybersecurity (ENISA) released its Guidelines for Securing the IoT – Secure Supply Chain for IoT in November 2020. SBOMs are part of the guidelines for both process PRO-05 “Identifying Third-Party Software” and process PRO-13 “Provide Software Bill Of Materials (SBOMs) for IoT Devices”.
ENISA publication: https://www.enisa.europa.eu/news/enisa-news/iot-security-enisa-publishes-guidelines-on-securing-the-iot-supply-chain
Document page: https://www.enisa.europa.eu/publications/guidelines-for-securing-the-internet-of-things

NIST releases SSDF Secure Development

The NIST Secure Software Development Framework (SSDF, SP 800-218) serves as the focal point for capturing and operationalizing U.S. government software security expectations. In February, SP 800-218 replaced the original 2020 NIST cybersecurity white paper, formalizing the SSDF as the government’s seminal software security organizing construct. The document describes a set of foundational practices for secure software development and…

Using SBOMs in DevOps

“… reusable components and open source software have simplified software development, this simplicity has exposed a critical visibility gap … This ties directly into the continuous integration and continuous deployment (CI/CD) process.” From DevOps SBOM 101.

Gartner on SBOM

Feb 14, 2022. Software bills of materials improve the visibility, transparency, security and integrity of proprietary and open-source code in software supply chains. To realize these benefits, software engineering leaders should integrate SBOMs throughout the software delivery life cycle. Gartner’s Innovation Insights for SBOMs.

SBOM supporting Certification

Relevance of Security by Design for IoT Certification: “The IEC 62443-4-1 certification specifies process requirements for the secure development of products, ensuring the highest levels of cybersecurity throughout the whole product and application lifecycle,” according to Eurotech in IoTWorld Today.

IIoTSBOM kickoff

On October 24th, the Flemish Agency for Innovation and Entrepreneurship (VLAIO) announced the approval of COOCK IIoTSBOM. With participation from the Cybersecurity and Infrastructure Security Agency (CISA) of the US government, LSEC – Leaders In Security, KU Leuven COSIC and Flanders Make have launched the initiative in Flanders to ensure awareness and adoption of the Software…