The Need for ChainGuard to Improve SBOM Quality

ChainGuard, a new open-source security project, is hoping to improve the quality of Software Bills of Materials (SBOMs) by training models to detect known software vulnerabilities. SBOMs provide valuable information about the components and dependencies used by a particular piece of software, which can be used to recognize potential risks and security gaps. However, the quality of SBOMs is often poor, leaving software vulnerable to attack.

ChainGuard is a project developed by researchers at the University of Illinois at Urbana-Champaign and the University of Maryland. The project uses machine learning algorithms to generate training models that detect known software vulnerabilities in SBOMs. By providing better coverage and better accuracy, ChainGuard can help software developers create secure software more quickly and easily.

The project is still in its early stages, but the researchers are hopeful that it will have a significant impact on software security. ChainGuard aims to make it easier for developers to create secure software, while also making it easier for organizations to recognize potential vulnerabilities in their software. By improving the quality of SBOMs, software applications will be less susceptible to attack.

ChainGuard is an important step toward improving the security of software applications. By training models to detect known vulnerabilities, organizations can better protect their software from cyber attackers. As the project matures, it could prove to be an invaluable resource for software developers and organizations alike.

This Cyber News was published on www.securityweek.com. Publication date: Sun, 22 Jan 2023 10:48:00 +0000


Cyber News related to The Need for ChainGuard to Improve SBOM Quality

Improving Software Quality with the OWASP BOM Maturity Model - With his years of work on the CycloneDX standard, Springett understands the issues holding back SBOM usage, particularly when it comes to standardization, dependency tracking, and verification. Not to mention, he also chaired OWASP's Software ...
9 months ago Securityboulevard.com
Sonatype SBOM Manager identifies and mitigates vulnerabilities within the software supply chain - Working with the world's largest enterprises and global policymakers to address the complexities of optimizing your software supply chain with SBOMs, Sonatype announced SBOM Manager. This solution provides an integrated approach to managing SBOMs ...
8 months ago Helpnetsecurity.com
Understanding SBOMs - In recent years, the adoption of open-source software in development has surged, now comprising up to 90% of what's built. There is a crucial aspect to consider when integrating open-source software components. To make sure their software is safe, ...
11 months ago Securityboulevard.com
Are you tracking your cybersecurity implementation? - From May 7 to 12, 2021, the massive Colonial Pipeline refined oil product delivery system ground to a halt. The Colonial Pipeline delivers about 45% of fuel for the East Coast, including gasoline, diesel fuel, heating oil, jet fuel and fuel used by ...
10 months ago Securityintelligence.com
Silex Technology AMC Protect improves cybersecurity for critical devices - Silex Technology announced their new protection service product offering called AMC Protect, a robust software management service designed to monitor and remedy vulnerabilities. AMC Protect targets customers utilizing Silex's embedded wireless LAN ...
10 months ago Helpnetsecurity.com
Codenotary Adds Machine Learning Algorithms to SBOM Search Tool - Codenotary this week added machine learning algorithms to the search engine it provides for its Trustcenter platform for generating and managing software bills of materials. Compatible with the Vulnerability Exploitability eXchange format, the ...
10 months ago Securityboulevard.com
NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity - The National Security Agency has published new guidance to help organizations incorporate software bills of materials and mitigate supply chain risks. In May 2021, the White House issued a cybersecurity executive order, mandating the use of SBOMs for ...
11 months ago Securityweek.com
Will 2024 Be the Year of the Software Bill of Materials? Experts Weigh In. - The Software Bill of Materials has become a central part of the White House National Cyber Security Strategy to help protect the software supply chain supporting government and critical infrastructure systems. Standards for expressing and consuming ...
11 months ago Securityboulevard.com
Guidance: Assembling a Group of Products for SBOM - Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA's community-driven ...
9 months ago Cisa.gov
The Role of XBOMs in Supporting Cybersecurity - Everyone in an organization plays an important role in ensuring that their products and services are delivered safely to their customers. Whether you're producing software or hardware, part of the manufacturing process, or anywhere in the software ...
10 months ago Securityboulevard.com
Vigilant Ops Raises $2 Million for SBOM Management Platform - Cybersecurity startup Vigilant Ops has received a $2 million seed investment from DataTribe to help organizations manage software bills of materials. Founded in 2019, the Pittsburgh, Pennsylvania-based Vigilant Ops provides an automated platform for ...
10 months ago Securityweek.com
ImmuniWeb is now ISO 9001 certified - According to the International Organization for Standardization, implementation of ISO 9001 means that the certified organization has put in place effective processes and trained staff to deliver flawless products or services time after time. Today, ...
11 months ago Helpnetsecurity.com
The 5 Best VoIP Routers (Wired, Wireless, and Mesh) - As a VoIP router, it has everything you need, including redundant WAN ports for failover and load balancing, country-based QoS to prioritize VoIP traffic, outage reporting, VLAN traffic separation, support for various VPN connections, and LTE backup ...
1 month ago Techrepublic.com
How To Implement Data Management Into Your AI Strategy - While an AI strategy has different components, including infrastructure, technology stack, organizational changes, and more, the most important is the data strategy. A well-defined data strategy is the foundation for successful AI implementation. AI ...
11 months ago Feeds.dzone.com
CVE-2023-24827 - syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the ...
1 year ago
CVE-2022-21613 - Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with ...
2 years ago
Chainguard, an Open-Source Security Firm, Raises $61 Million - Chainguard has raised $61 million in a Series B investment round, as the security of open-source software has become a subject of gathering concern. VMware, the company provides vetted and secure versions of free open-source software, with known ...
11 months ago Wsj.com
CISA HBOM Framework Doesn't Go Far Enough - The recently published hardware bill of materials framework from the Cybersecurity and Infrastructure Security Agency is a much-needed step toward ensuring semiconductor chip security - but it doesn't go far enough. The framework offers a consistent ...
9 months ago Darkreading.com
How machine learning helps us hunt threats | Securelist - In this post, we will share our experience hunting for new threats by processing Kaspersky Security Network (KSN) global threat data with ML tools to identify subtle new Indicators of Compromise (IoCs). The model can process and learn from millions ...
1 month ago Securelist.com
Cyber Security Managed Services 101 - Benefits of an MSP. Maximizing efficiency. Cyber threats and cyberattacks like ransomware targeting SMBs continue to increase in part because malicious actors realize these organizations don't have the means or manpower for security teams. Even ...
1 year ago Trendmicro.com
The Exploration of Static vs Dynamic Code Analysis - Two essential methodologies employed for this purpose are Static Code Analysis and Dynamic Code Analysis. Static Code Analysis involves the examination of source code without its execution. In this exploration of Static vs Dynamic Code Analysis, ...
10 months ago Feeds.dzone.com
The Role of Identity Data Management in Achieving CISA'S Strategic Goals - At the heart of this growing risk is identity, with over 60% of all breaches today involving identity exploitation. As organizations continue to expand their digital footprints, driven by a move towards cloud resources and remote systems, their ...
7 months ago Cyberdefensemagazine.com
Warren PD Launches Mark43 Records Management System - Mark43, a leading cloud-native public safety software company that took home Top Awards for Best Disaster Preparedness and Disaster Recovery Solution in the 2023 'ASTORS' Homeland Security Awards Program, is pleased to announce the official ...
10 months ago Americansecuritytoday.com
Digitizing the Physical World: Insights from Cisco Live Melbourne and the Industrial IoT Industry Summit - A few weeks ago, I attended Cisco Live Melbourne, and it was truly a pleasure to meet and connect with leaders, gain knowledge from customers, and hear speakers from various sectors. I had the wonderful opportunity to speak in an Innovation Talk ...
10 months ago Feedpress.me
