The Dutch National Cyber Security Centre (NCSC) commissioned Capgemini Invent in 2020 to explore the current landscape, the potential purposes and the uses of SBOMs in a cybersecurity context. The research report from February 2021 describes the potential for software production, selection and procurement, operation of software, and SecDevOps. The general findings are: 1. …
On November 10th, the IIoTSBOM team held its annual face-to-face (F2F) event at the Beacon in Antwerp, with participation from several product manufacturing companies and SBOM technology providers such as TrustSource, Irdeto, Asvin and Fortress Information Security. For more information, documentation and video recordings, visit the event pages.
The European Union Agency for Cybersecurity (ENISA) released its Guidelines for Securing the IoT – Secure Supply Chain for IoT in November 2020. SBOMs are part of the guidelines for both process PRO-05 “Identifying Third-Party Software” and process PRO-13 “Provide Software Bill Of Materials (SBOMs) for IoT Devices”.
ENISA publication: https://www.enisa.europa.eu/news/enisa-news/iot-security-enisa-publishes-guidelines-on-securing-the-iot-supply-chain
Document page: https://www.enisa.europa.eu/publications/guidelines-for-securing-the-internet-of-things
The NIST Secure Software Development Framework (SSDF, SP 800-218) serves as the focal point for capturing and operationalizing U.S. government software security expectations. In February 2022, SP 800-218 replaced the original 2020 NIST cybersecurity white paper, formalizing the SSDF as the government's core software security organizing construct. The document describes a set of foundational practices for secure software development and…
“… reusable components and open source software have simplified software development, this simplicity has exposed a critical visibility gap … This ties directly into the continuous integration and continuous deployment (CI/CD) process.” From DevOps SBOM 101.
Feb 14, 2022. Software bills of materials improve the visibility, transparency, security and integrity of proprietary and open-source code in software supply chains. To realize these benefits, software engineering leaders should integrate SBOMs throughout the software delivery life cycle. Gartner’s Innovation Insights for SBOMs.
Relevance of Security by Design for IoT Certification: “The IEC 62443-4-1 certification specifies process requirements for the secure development of products, ensuring the highest levels of cybersecurity throughout the whole product and application lifecycle,” according to Eurotech in IoT World Today.
Log4j, Apache’s Java-based logging utility, has once again exposed the complexities of securing applications that use open-source code libraries. “SBOMs are a start but they are only a piece of the puzzle,” InformationWeek reports on the need for SBOMs.
“Risk management of OSS has NOT kept pace with the OSS usage boom among public and private sectors. And without a risk management strategy, firms don’t have the budget or resources they need and, in hindsight, should have had,” according to Forrester’s article.
On October 24th, the Flemish Agency for Innovation and Entrepreneurship (VLAIO) announced the approval of COOCK IIoTSBOM. With participation from the Cybersecurity and Infrastructure Security Agency (CISA) of the US government, LSEC – Leaders In Security, KU Leuven COSIC and Flanders Make have launched the initiative in Flanders to ensure awareness and adoption of the Software…