Software bill of materials

Veracode Research Reveals Steps to Reduce Introduction and Accumulation of Security Flaws as Apps Grow and Age

Retrieved on: 
Wednesday, January 11, 2023

Veracode, a leading global provider of modern application security testing solutions, today revealed data that could save organizations time and money by helping developers minimize the introduction and accumulation of security flaws in their software.

Key Points: 
  • Veracode has been publishing its annual report since 2010, summarizing the key discoveries from its diverse customer base.
  • Chris Eng, Chief Research Officer at Veracode, said, “As with all our studies, we set out to provide insights that developers can put into action right away.
  • Furthermore, top flaws in apps vary by testing type, highlighting the importance of using multiple scan types to ensure hard-to-identify flaws aren’t missed.

SCANOSS Announces Vulnerability Checking for SBOMs as a Free Service

Retrieved on: 
Thursday, January 12, 2023

MADRID, Jan. 12, 2023 /PRNewswire-PRWeb/ -- SCANOSS, a leading provider of software composition analysis (SCA) and Open Source Intelligence, has announced the release of CPE to PURL (Package URL) relations as open source. This move will allow organizations to keep track of known vulnerabilities in any of their SBOM (Software Bills of Materials) securely, anonymously and free. Security is of the utmost importance when it comes to managing software assets, and the ability to track and manage dependencies is a crucial aspect of ensuring the security and compliance of an organization's software assets.

Key Points: 
  • CPE (Common Platform Enumeration) is a standardized naming system for IT products and platforms, including operating systems, applications, and hardware.
  • By tracking and managing these dependencies, organizations can ensure that their applications are secure and compliant.
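The mechanism described above, walking an SBOM's component PURLs through a PURL-to-CPE relation table and then checking the resolved CPE against known affected version ranges, as an added example (this is not SCANOSS code). The SBOM fragment, the relation table and the vulnerability records are all constructed for illustration, and the vulnerability identifiers are placeholders, not real CVEs:

```python
"""Map SBOM component PURLs to CPEs and check them against a vulnerability list.

Added example, not SCANOSS code. The SBOM, the PURL->CPE relation table and
the vulnerability records are constructed; the vulnerability IDs are placeholders.
"""
import json
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed CycloneDX-style SBOM fragment (only the fields this example needs).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": "libexample", "version": "1.2.3", "purl": "pkg:npm/libexample@1.2.3"},
        {"name": "parsekit", "version": "2.0.1", "purl": "pkg:pypi/parsekit@2.0.1"},
        {"name": "widget", "version": "0.9.0", "purl": "pkg:maven/org.example/widget@0.9.0"},
        {"name": "unmapped", "version": "3.1.0", "purl": "pkg:cargo/unmapped@3.1.0"},
    ],
})

# Constructed PURL->CPE relation table keyed by the version-less PURL
# (type/namespace/name); the kind of relation the release describes publishing.
PURL_TO_CPE = {
    "pkg:npm/libexample": "cpe:2.3:a:example_vendor:libexample",
    "pkg:pypi/parsekit": "cpe:2.3:a:parsekit_project:parsekit",
    "pkg:maven/org.example/widget": "cpe:2.3:a:example_org:widget",
}

# Constructed vulnerability records keyed by CPE vendor:product prefix, with
# affected version ranges [introduced, fixed). IDs are placeholders, not CVEs.
VULNS = {
    "cpe:2.3:a:example_vendor:libexample": [
        {"id": "EXAMPLE-0001", "introduced": (1, 0, 0), "fixed": (1, 2, 4)},
    ],
    "cpe:2.3:a:parsekit_project:parsekit": [
        {"id": "EXAMPLE-0002", "introduced": (1, 0, 0), "fixed": (2, 0, 0)},
    ],
}


@dataclass(frozen=True)
class Purl:
    type: str
    namespace: str
    name: str
    version: str

    @classmethod
    def parse(cls, purl: str) -> "Purl":
        # Grammar: pkg:<type>/[<namespace>/]<name>[@<version>][?qualifiers][#subpath]
        if not purl.startswith("pkg:"):
            raise ValueError(f"not a PURL: {purl}")
        body = purl[4:].split("#", 1)[0].split("?", 1)[0]
        ptype, _, rest = body.partition("/")
        path, sep, version = rest.rpartition("@")
        if not sep:  # no version component
            path, version = rest, ""
        parts = [unquote(p) for p in path.split("/")]
        return cls(ptype.lower(), "/".join(parts[:-1]), parts[-1], version)

    def base(self) -> str:
        # Version-less form used as the relation-table key.
        ns = self.namespace + "/" if self.namespace else ""
        return f"pkg:{self.type}/{ns}{self.name}"


def parse_version(v: str) -> tuple:
    # Numeric dotted versions only; sufficient for the constructed data above.
    return tuple(int(x) for x in v.split("."))


def check_sbom(sbom_json: str) -> dict:
    """Return {purl: [vuln ids]} per component; None marks a PURL with no CPE relation."""
    sbom = json.loads(sbom_json)
    results = {}
    for comp in sbom.get("components", []):
        purl = Purl.parse(comp["purl"])
        cpe = PURL_TO_CPE.get(purl.base())
        if cpe is None:
            # No relation: the component is unchecked, which must not be reported as clean.
            results[comp["purl"]] = None
            continue
        ver = parse_version(purl.version)
        hits = [v["id"] for v in VULNS.get(cpe, []) if v["introduced"] <= ver < v["fixed"]]
        results[comp["purl"]] = hits
    return results


if __name__ == "__main__":
    for purl, hits in check_sbom(SBOM_JSON).items():
        print(purl, "->", "UNMAPPED" if hits is None else (hits or "no known vulns"))
```

The point a practitioner should take from this is the `None` branch: a PURL with no CPE relation cannot be checked, and a report that silently lists it alongside genuinely clean components hides exactly the gap the relation table is meant to close. Real deployments also need to handle non-numeric version schemes and vendor/product collisions in CPE, which the constructed data here avoids.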

Codenotary Introduces Automated Software Bill of Materials for Serverless Applications

Retrieved on: 
Tuesday, November 29, 2022

Codenotary, leaders in software supply chain protection, today announced TrueSBOM for Serverless, a self-updating Software Bill of Materials (SBOM) for applications running on AWS Lambda, Google Cloud Functions and Microsoft Azure Functions that is made possible by simply adding one line to the application source code.

Key Points: 
  • That is really the only way to create an SBOM for serverless applications.
  • Otherwise, SBOMs are created as a snapshot in time that shows the list of components when the application is created.
  • With the Codenotary tamper-proof bill of materials, users can instantly identify untrusted components in their software builds.

Azul Launches New Security Product to Fill Critical Gap in Enterprises’ Secure Software Supply Chain Strategy

Retrieved on: 
Wednesday, November 2, 2022

This approach enables true end-to-end security across the software supply chain with no performance penalty while eliminating false positives.

Key Points: 
  • Vulnerabilities within third-party sources, whether commercial or freely available open source, present a growing risk to all enterprises and need addressing across all phases of the software supply chain.
  • "Azul Vulnerability Detection makes security a byproduct of simply running your Java software," said Scott Sellers, Azul CEO and co-founder.
  • "Our new product fills a critical gap in enterprises' security strategies, detecting vulnerabilities at the point of use in production, the endpoint of the software supply chain."

JFrog-Led Open Source “Pyrsia” Initiative to Secure the Software Supply Chain will be Contributed to the CD Foundation

Retrieved on: 
Tuesday, October 25, 2022

(JFrog) (NASDAQ: FROG), the Liquid Software company and creators of the JFrog DevOps Platform, today announced Pyrsia, an open source software community initiative that utilizes blockchain technology to secure software packages (a.k.a.

Key Points: 
  • View the full release here: https://www.businesswire.com/news/home/20221025005480/en/
    The JFrog-Led "Pyrsia" initiative for securing the software supply chain will be contributed to the CD Foundation, with support from Docker, DeployHub, Oracle, and others.
  • The beauty of it is, large and small businesses alike stand to benefit from Pyrsia, as will the entire software supply chain."
  • @jfrog-led open source project #Pyrsia to be incubated under the @CDFoundation to further secure the software supply chain.

Rezilion Vulnerability Scanner Benchmark Report Finds Top Scanners Only 73% Accurate

Retrieved on: 
Wednesday, October 26, 2022

BE'ER SHEVA, Israel, Oct. 26, 2022 /PRNewswire/ -- Rezilion, an automated vulnerability management platform accelerating software security, announced today the release of the company's Vulnerability Benchmark Report, which provides visibility into the inaccuracies and noise that are created by the market's most popular commercial and open-source scanning technologies.

Key Points: 
  • "Every day there are a multitude of new vulnerability disclosures across the software ecosystem, driving end-users to rely on vulnerability scanners to detect if these potentially exploitable vulnerabilities exist within their environment," said Yotam Perkal, Director of Vulnerability Research with Rezilion.
  • Inconsistent results in scanners are common. In this first-of-its-kind benchmark and root cause analysis, Rezilion researchers examined 20 popular containers on DockerHub, ran them locally, and scanned them using six different, popular vulnerability scanners in the commercial and open-source market.
  • Each vulnerability scanner reported a different number of vulnerabilities, equating to less than 50 percent of common findings, exposing an exceptional amount of false positives and negatives.
  • "The primary problem is that the scanner performance data is not transparent and leaves end-users without visibility to accurately evaluate effectiveness of vulnerability scanners," continued Perkal.

Manufacturing Overtakes Financial Services as the Sector With Fewest Software Security Flaws

Retrieved on: 
Wednesday, October 19, 2022

Veracode, a leading global provider of application security testing solutions, today revealed that the manufacturing sector has the lowest number of software security flaws, dethroning financial services which took first place last year.

Key Points: 
  • The data was published in the company's annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the manufacturing, healthcare, financial services, technology, retail, and government sectors.
  • Last year, we found 76 percent of manufacturing apps contained flaws, with 21 percent considered high severity.
  • The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers.

GrammaTech Expert Invited to Discuss Software Supply Chain Security at Automotive Cybersecurity 2022 Conference

Retrieved on: 
Monday, October 17, 2022

GrammaTech, a leading provider of application security testing products and software research services, announced today that embedded and enterprise software security expert Walter Capitani has been invited to present in two sessions on software supply chain security at the Automotive Cybersecurity Silicon Valley 2022 Conference.

Key Points: 
  • However, security and quality can vary depending on the source of the software and methods to test the code.
  • WHO: Walter Capitani, Director, Technical Product Management for GrammaTech is a recognized expert in embedded and enterprise software security.
  • From nuts and bolts to bits and bytes, the automotive supply chain is evolving as vehicles are becoming more software driven and Internet connected.

Scryb Announces Partnership Between Cybeats and Veracode, an Industry-Leading Application Security Firm

Retrieved on: 
Thursday, September 29, 2022

TORONTO, Sept. 29, 2022 /PRNewswire/ - Scryb Inc. ("Scryb" or the "Company") (CSE: SCYB) (OTCQB: SCYRF) (Frankfurt: EIY), announces a strategic partnership between Cybeats cybersecurity and Veracode, a leading global provider of application security testing solutions.

Key Points: 
  • Cybeats' software supply chain security product, SBOM Studio, will be available to customers through Veracode Partners, and the companies will explore joint commercial opportunities.
  • Cybeats SBOM Studio is an enterprise-class solution that helps companies understand and track third-party components that are an integral part of their own software.
  • The partnership aims to enable both companies to continue to expand their existing presence in the global cybersecurity market.

Cybeats Announces Partnership with Veracode, an Industry-Leading Application Security Firm

Retrieved on: 
Wednesday, September 28, 2022

TORONTO, Sept. 28, 2022 /PRNewswire/ - Cybeats Technologies Inc., ("Cybeats" or the "Company") a leading software supply chain risk and security technology provider announces a strategic partnership with Veracode, a leading global provider of application security testing solutions.

Key Points: 
  • Cybeats SBOM Studio is an enterprise-class solution that helps companies understand and track third-party components that are an integral part of their own software.
  • The partnership aims to enable both companies to continue to expand their existing presence in the global cybersecurity market.
  • As a result of this partnership, Veracode can easily integrate the full breadth of Cybeats' software solutions into their customers' environments.