If after eighteen months, meaningful use of SBOMs is unachievable, we need to ask what needs to be done to fulfill Biden’s executive order.
The post SBOMs – Software Supply Chain Security’s Future or Fantasy? appeared first on SecurityWeek.
Proofpoint warns that APT actors linked to Russia, Iran and North Korea are increasingly targeting small- and medium-sized businesses.
The post Researchers Spot APTs Targeting Small Business MSPs appeared first on SecurityWeek.
Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain.
The post Red Hat Pushes New Tools to Secure Software Supply Chain appeared first on SecurityWeek.
China’s government told users of computer equipment deemed sensitive to stop buying products from the biggest U.S. memory chipmaker, Micron.
The post China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States appeared first on SecurityWeek.
Security researchers are warning that newly patched vulnerabilities in the Pimcore platform bring code execution risks.
The post Pimcore Platform Flaws Exposed Users to Code Execution appeared first on SecurityWeek.
Manifest raises $6 million in seed funding to help businesses generate, collect, and manage software bills of materials (SBOMs).
The post Investors Make $6M Bet on Manifest for SBOM Management Technology appeared first on SecurityWeek.
Israeli startup Entro launches with $6 million in seed-stage funding and a product to help manage secrets sprawl in the enterprise.
The post Entro Raises $6M to Tackle Secrets Sprawl appeared first on SecurityWeek.
SBOMs can be used for managing risk and determining vulnerability impact, but it’s very hard to build holistic risk models when the data is not standardized across multiple platforms.
The post The SBOM Bombshell appeared first on SecurityWeek.
CISA urges organizations to review FCC’s Covered List of risky communications equipment and incorporate it in their supply chain risk management efforts.
The post Critical Infrastructure Organizations Urged to Identify Risky Communications Equipment appeared first on SecurityWeek.
The software supply chain security firm adds the Open Policy Agent to its risk analysis engine, increasing flexibility for the creation and enforcement of custom policies on the use of open source software.
The post Phylum Adds Open Policy Agent to Open Source Analysis Engine appeared first on SecurityWeek.