CyberSecurityBoard
Sponsor Register Login

Guidance: Assembling a Group of Products for SBOM

Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA's community-driven working groups publish documents and reports to advance and refine SBOM and ultimately promote adoption.
Specifically, software producers often need to assemble and test products together before releasing them to customers.
These products may contain components that experience version changes over time, therefore creating a need to be tracked.
This document serves as a guide for creating the build for SBOM assembled products.
This product is provided subject to this Notification and this Privacy & Use policy.


This Cyber News was published on www.cisa.gov. Publication date: Fri, 26 Jan 2024 15:13:06 +0000


Cyber News related to Guidance: Assembling a Group of Products for SBOM

Improving Software Quality with the OWASP BOM Maturity Model - With his years of work on the CycloneDX standard, Springett understands the issues holding back SBOM usage-particularly when it comes to standardization, dependency tracking, and verification. Not to mention, he also chaired OWASP's Software ...
9 months ago Securityboulevard.com
Sonatype SBOM Manager identifies and mitigates vulnerabilities within the software supply chain - Working with the world's largest enterprises and global policymakers to address the complexities of optimizing your software supply chain with SBOMs, Sonatype announced SBOM Manager. This solution provides an integrated approach to managing SBOMs ...
8 months ago Helpnetsecurity.com
Guidance: Assembling a Group of Products for SBOM - Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA's community-driven ...
9 months ago Cisa.gov
Understanding SBOMs - In recent years, the adoption of open-source software in development has surged, now comprising up to 90% of what's built. There is a crucial aspect to consider when integrating open-source software components. To make sure their software is safe, ...
11 months ago Securityboulevard.com
NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity - The National Security Agency has published new guidance to help organizations incorporate software bills of materials and mitigate supply chain risks. In May 2021, the White House issued a cybersecurity executive order, mandating the use of SBOMs for ...
11 months ago Securityweek.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
1 month ago Securelist.com
Silex Technology AMC Protect improves cybersecurity for critical devices - Silex Technology announced their new protection service product offering called AMC Protect, a robust software management service designed to monitor and remedy vulnerabilities. AMC Protect targets customers utilizing Silex's embedded wireless LAN ...
10 months ago Helpnetsecurity.com
Vigilant Ops Raises $2 Million for SBOM Management Platform - Cybersecurity startup Vigilant Ops has received a $2 million seed investment from DataTribe to help organizations manage software bills of materials. Founded in 2019, the Pittsburgh, Pennsylvania-based Vigilant Ops provides an automated platform for ...
10 months ago Securityweek.com
The Role of XBOMs in Supporting Cybersecurity - Everyone in an organization plays an important role in ensuring that their products and services are delivered safely to their customers. Whether you're producing software or hardware, part of the manufacturing process, or anywhere in the software ...
10 months ago Securityboulevard.com
security and privacy in Facebook groups - Having found myself roped into assisting as co-administrator a couple of Facebook groups with security/privacy issues, I thought I should, perhaps, share what little I know about defending your group against scam and spam posts and comments by ...
10 months ago Securityboulevard.com
Will 2024 Be the Year of the Software Bill of Materials? Experts Weigh In. - The Software Bill of Materials has become a central part of the White House National Cyber Security Strategy to help protect the software supply chain supporting government and critical infrastructure systems. Standards for expressing and consuming ...
11 months ago Securityboulevard.com
NCC Group records the most ransomware victims ever in 2023 - While coordinated law enforcement action and government initiatives helped in the fight against ransomware last year, NCC Group still recorded an 84% increase in attacks during 2023. The report included data from NCC Group's Cyber Incident Response ...
9 months ago Techtarget.com
ASD's ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies - This guidance was crafted to provide organizations with secure by design considerations when procuring digital products and services. The guidance contains a range of internal and external considerations and offers sample questions to leverage at ...
6 months ago Cisa.gov
CVE-2023-24827 - syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the ...
1 year ago
Codenotary Adds Machine Learning Algorithms to SBOM Search Tool - Codenotary this week added machine learning algorithms to the search engine it provides for its Trustcenter platform for generating and managing software bills of materials. Compatible with the Vulnerability Exploitability eXchange format, the ...
10 months ago Securityboulevard.com
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyberattack - Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A key focus of the guidance is on what ...
9 months ago Darkreading.com
Imperva Detects Undocumented 8220 Gang Activities - Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and ...
11 months ago Imperva.com
Cybercrime experts reveal how to infiltrate ransomware gangs The Register - Though it happens rarely, it's always a good day when a ransomware group is taken down by law enforcement. Singapore-based Group-IB celebrated its 20th anniversary in the cybersecurity industry this year, and during this time its researchers have ...
10 months ago Go.theregister.com
Russia hacking: 'FSB in years-long cyber attacks on UK', says government - The UK is accusing Russia's Security Service, the FSB, of a sustained cyber-hacking campaign, targeting politicians and others in public life. The government said one group stole data through cyber-attacks, which was later made public, including ...
11 months ago Bbc.com
Cybercrime experts reveal how to infiltrate ransomware gangs The Register - Though it happens rarely, it's always a good day when a ransomware group is taken down by law enforcement. Singapore-based Group-IB celebrated its 20th anniversary in the cybersecurity industry this year, and during this time its researchers have ...
10 months ago Theregister.com
Surveillance Self-Defense: 2023 Year in Review - It's been a big year for Surveillance Self-Defense, our repository of self-help resources for helping better protect you and your friends from online spying. We've done a number of updates and tackled a few new emerging topics with blog posts. ...
10 months ago Eff.org
Cypher Queries in BloodHound Enterprise - Our first use case is identifying Domain Trusts that exist within an environment. Our specific query here, Map Domain Trusts can be selected which automatically populates the search window with the built-in query. Selecting Search will then return a ...
10 months ago Securityboulevard.com
CISA HBOM Framework Doesn't Go Far Enough - The recently published hardware bill of materials framework from the Cybersecurity and Infrastructure Security Agency is a much-needed step toward ensuring semiconductor chip security - but it doesn't go far enough. The framework offers a consistent ...
9 months ago Darkreading.com
New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
1 year ago Csoonline.com
UK Government Releases Cloud SCADA Security Guidance - The UK's National Cyber Security Centre released security guidance on Monday to help organizations that use operational technology determine whether they should migrate their supervisory control and data acquisition systems to the cloud. SCADA ...
8 months ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)