Sonatype, Snyk and Black Duck remained atop Forrester's software composition analysis rankings as commoditization of core features has led to increased competition. Pressure in the market has increased due to both a saturation of core functionalities and license identification.
OpenSSF launched a new tool Tuesday in partnership with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency to help simplify for federal agencies and private organizations the process of reading and generating software bills of materials.
The U.S. Cybersecurity and Infrastructure Security Agency is aiming to improve the implementation of software bills of materials across the public and private sectors as experts warn that a failure to build and use the critical inventory lists could result in "catastrophic security breaches."
Procurement experts testified to the House Subcommittee on Cybersecurity, Information Technology, and Government Innovation on Wednesday that government requirements leave too many unanswered questions and ambiguities for federal agencies when it comes to implementing SBOMs.
The U.S. Cybersecurity and Infrastructure Security Agency published guidance that offers best practices in developing consumption processes for software bills of materials, but experts told ISMG the document lacks technical specifics and warned that most organizations face SBOM resourcing issues.
In the latest "Proof of Concept," DXC Technology IT CISO and CyberEdBoard member Mike Baker and Chris Hughes, co-founder and CISO of Aquia, join ISMG editors to discuss benefits, challenges and misconceptions of adopting open-source software in modern code bases - plus best practices for securing them.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.