Codenotary Adds Machine Learning Algorithms to SBOM Search Tool

Codenotary this week added machine learning algorithms to the search engine it provides for its Trustcenter platform for generating and managing software bills of materials.
Compatible with the Vulnerability Exploitability eXchange format, the machine learning algorithms surface more accurate results when trying to determine what software components are running in an application environment.
Codenotary CEO Moshe Bar said that's critical because, in the absence of that capability, IT and cybersecurity teams might not discover every instance of a vulnerable software component that exists with the application binaries they have deployed.
Each SBOM tool available today will generate different results, so it's critical that IT teams standardize on a tool that provides the most consistent results, he added.
The VEX format was created for a Multistakeholder Process for Software Component Transparency led by the National Telecommunications and Information Administration, an arm of the U.S. Department of Commerce, to make it easier to share information about vulnerabilities in a standard format.
The NTIA and the Cybersecurity and Infrastructure Security Agency then worked with NTIA and Chainguard to create OpenVEX, a specification and set of tools for reporting vulnerabilities in a format that can be read by machines.
In the wake of an executive order requiring federal agencies to have access to SBOMs to make it easier to determine where vulnerabilities are located in an application, many enterprise IT organizations have similarly adopted SBOMs to help better protect their software supply chains.
The challenge many of them are now encountering is how best to operationalize SBOMs within the context of an application remediation effort.
Many of them are also unsure how accurate SBOMs are at any given time as applications are continuously updated, noted Bar.
Trustcenter delivers code signing, provenance checks, attestation and SBOM management that include scores for assessing the severity of the risks an application represents.
In general, it's not clear how far along organizations are in terms of strengthening their software supply chains as part of the larger embrace of best DevSecOps workflows, but as developers embrace generative artificial intelligence tools to write code faster, the pace at which applications are being built has increased substantially.
Many of them are using general-purpose platforms based on large language models that were trained using samples of code collected from across the internet.
Many of those samples contained vulnerabilities that can find their way into the code generated by an AI model.
Most developers lack the expertise to recognize those vulnerabilities, so organizations will need tools capable of identifying vulnerabilities that might be multiplying across their codebase.
Conversely, there may be just as many instances where developers who lack cybersecurity expertise are creating fewer vulnerabilities because of generative AI. Hopefully, LLMs that are trained on a narrow base of code will soon consistently generate more reliable code.
In the meantime, SBOMs will play a critical role in enabling organizations to determine the level of application risk they are willing to assume.


This Cyber News was published on securityboulevard.com. Publication date: Fri, 22 Dec 2023 14:13:05 +0000

