SPDX

SPDX 3.0 Revolutionizes Software Management in Systems with Enhanced Functionality and Streamlined Use Cases

Retrieved on: Tuesday, April 16, 2024

SEATTLE, April 16, 2024 /PRNewswire/ -- The SPDX community, in collaboration with the Linux Foundation, is thrilled to announce the release of SPDX 3.0. This milestone marks a significant advancement in the world's most widely used Software Bill of Materials (SBOM) communication format. SPDX 3.0 introduces a comprehensive set of updates, encompassing the model, specification, and license list, with the new addition of SPDX profiles to handle modern system use cases.

Key Points: 
  • Organizations leveraging SPDX will experience enhanced software package management, improved compliance with licensing obligations, streamlined security practices, and optimized software build processes.
  • SPDX continues to drive the future of software package management with SPDX 3.0.

Synopsys Launches New Offering for Comprehensive Software Supply Chain Security

Retrieved on: Tuesday, April 9, 2024

SUNNYVALE, Calif., April 9, 2024 /PRNewswire/ -- Synopsys, Inc. (Nasdaq: SNPS) today announced the availability of Black Duck® Supply Chain Edition, a new software composition analysis (SCA) offering that enables organizations to mitigate upstream risk in their software supply chains. Black Duck Supply Chain Edition combines multiple open source detection technologies, automated third-party software bill of materials (SBOM) analysis, and malware detection to provide a comprehensive view of software risks inherited from open source, third-party, and AI-generated code. Development and security teams can track their dependencies across the entire application lifecycle to identify and resolve security vulnerabilities, malicious packages, and license violations and conflicts.

Key Points: 
  • Supply Chain Edition builds on the market-leading capabilities of Black Duck and delivers a full range of supply chain security capabilities to teams responsible for building secure, compliant applications.
  • Black Duck Supply Chain Edition will be generally available on April 25 and showcased May 6-9 at the RSA Conference in San Francisco at the Synopsys Software Integrity Group booth, #1027.

Sonatype Launches Industry-First Integrated System of Record for Management of SBOMs

Retrieved on: Tuesday, March 19, 2024

This industry-first solution provides an integrated approach to managing SBOMs from third-party vendors, alongside those SBOMs created for your own software, powered by Sonatype’s unique data and security research.

Key Points: 
  • By enabling comprehensive optimization of SBOM management, Sonatype sets a new standard for compliance, scalability, and cybersecurity.
  • “Good software development is the crux of our modern world, and SBOMs have emerged as a critical building block in software quality.
  • Optimize Efficiency: Sonatype SBOM Manager significantly reduces the manual effort and complexity involved in handling SBOMs by automating SBOM generation, management, and monitoring.

Flexera Launches SBOM Management Functionality in Flexera One IT Visibility to Boost Software Reliability and Security

Retrieved on: Tuesday, February 20, 2024

Flexera’s existing SBOM management capabilities are part of the pioneering software composition analysis (SCA) platform historically sold through Flexera’s Revenera division.

Key Points: 
  • With this launch, Flexera One IT Visibility supports software buyers' use cases with the same capabilities SCA customers have relied on for over 15 years.
  • The new SBOM management feature of Flexera One IT Visibility mitigates the increased risks of software vulnerabilities and data breaches.
  • By monitoring software producers, third-party code, and internal modules, Flexera simplifies software complexities, supporting compliance and risk management initiatives.

Cybellum Adds Major New Features to its Product Security Platform in Support of its Cybersecurity Management System (CSMS)

Retrieved on: Thursday, February 15, 2024

TEL AVIV, Israel, Feb. 15, 2024 /PRNewswire/ -- Cybellum, creators of the award-winning Product Security Platform, announced the latest major release, V2.38 of their Product Security Platform. Following the joint announcement with LG Electronics at CES 2024, this release introduces the CSMS Cockpit, enabling automotive OEMs and device manufacturers to significantly improve their cybersecurity management capabilities with a comprehensive view of product risk, security activities, and requirement validation status.

Key Points: 
  • New capabilities supercharge SBOM and vulnerability management with new AI functionality, risk, and asset management capabilities for streamlined regulatory compliance
  • The new release offers advanced asset management capabilities, including SBOM Auto-Fix, which provides automatic error detection and correction when uploading CycloneDX or SPDX SBOM files.
  • It also includes custom package management for including custom, in-house developed packages, and commercially sourced ones.
  • "The latest update to Cybellum's Product Security Platform doesn't just enhance features, it empowers a paradigm shift in how organizations manage product security," says Asaf Atzmon, Chief Product Officer at Cybellum.

SBOM Automation Platform Vigilant Ops Secures $2 Million in Seed Funding from DataTribe

Retrieved on: Thursday, January 4, 2024

Vigilant Ops, winner of the 6th annual DataTribe Challenge in November, provides continuous vulnerability monitoring and alerting, security patch notifications, and the ability to upload SBOMs (lists of the software libraries embedded in products) from alternate sources.

Key Points: 
  • DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies, today announced a $2 million seed investment in Vigilant Ops, a leading automation platform for the generation, maintenance, and authenticated sharing of certified Software Bill of Materials (SBOM).
  • Vigilant Ops will use the funding to expand the capabilities of its InSight platform across multiple critical infrastructure industries.
  • Leo Scott, DataTribe CTO, will join the Vigilant Ops Board.
  • The most recent release of the InSight Platform now includes automated import of various SBOM formats, supporting industry standards like CycloneDX and SPDX.

Yocto Project Announces Latest Release, New Gold Member Witekio, and Details for Virtual Summit Next Week

Retrieved on: Wednesday, November 22, 2023

SAN FRANCISCO, Nov. 22, 2023 /PRNewswire/ -- The Yocto Project, an open source collaborative project helping developers create custom Linux-based systems, today announced the release of Nanbield 4.3. Announced on the heels of a recent funding boost provided to the Yocto Project from Sovereign Tech Fund, the release of Nanbield 4.3 features a host of new improvements, including security process improvements, year 2038 time fixes for 32-bit systems, prebuilt artifacts to accelerate builds, and a new contributors guide, along with all the usual component updates to integrate the changes from hundreds of other upstream open source projects.

Key Points: 
  • Yocto Project excitement continues with new project enhancements, members, and events
  • The excitement continues with the welcomed addition of Witekio as a Yocto Project Gold Member, joining Automotive Grade Linux, Huawei, Renesas, Siemens, and Texas Instruments.
  • As a Member, Witekio brings its history of delivering innovative embedded systems and products to Yocto Project in addition to donating advocacy efforts.
  • "We are incredibly proud to be recognised as a Gold Member of the Yocto Project," stated Samir Bounab, CEO of Witekio.

Anchore Reports Strong Success in Federal and Enterprise Markets, Team Growth

Retrieved on: Tuesday, November 14, 2023

SANTA BARBARA, Calif., Nov. 14, 2023 /PRNewswire/ -- Anchore, Inc., the leading experts in software supply chain security and federal compliance, today announced strong growth and continued business momentum heading into 2024.

Key Points: 
  • "Despite the broader economic hurdles, we're ecstatic to see continued growth in demand for Anchore's security solutions," remarked Saïd Ziouani, Anchore CEO.
  • In preparation for continued growth and advancement in 2024, Anchore added two new industry leaders to its advisory team.
  • As the company continues to advance and expand, Anchore has added two enterprise software industry veterans to its management team.
  • Anchore Enterprise 5.0 now includes integrations with ServiceNow and Harness which complement its support for existing platforms such as GitLab, GitHub, and Jenkins.

The Linux Foundation Announces Keynote Speakers for Open Source Summit Europe 2023

Retrieved on: Thursday, August 10, 2023

SAN FRANCISCO, Aug. 10, 2023 /PRNewswire/ -- The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the keynote speakers for Open Source Summit Europe, taking place September 19-21 at the Euskalduna Conference Centre in Bilbao, Spain. The full event schedule is available here.

Key Points: 
  • Open Source Summit is a global conference that hosts a collection of microconferences, mini-summits, and co-located events for the open source community.
  • Developers, technologists, and community leaders unite at Open Source Summit every year in North America, Europe, and Asia to collaborate, innovate, and help advance a sustainable open source ecosystem.
  • Open Source Summit Europe 2023 microconferences include CloudOpen, ContainerCon, Diversity Empowerment Summit, Emerging OS Forum, LinuxCon, Open AI + Data Forum, OpenJS World, Open Source Leadership Summit, Open Source On-Ramp, OSPOCon, SupplyChainSecurityCon, and SustainabilityCon.

NetRise Introduces New Features for Managing SBOMs & CISA KEV Catalog Support

Retrieved on: Wednesday, August 9, 2023

AUSTIN, Texas, Aug. 9, 2023 /PRNewswire/ -- NetRise, the company providing granular visibility into the world's XIoT security problem, today announced advanced capabilities for maintaining and working with Software Bill of Materials (SBOMs) and support for the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) Catalog for managing and understanding the risks associated with software components in the firmware of connected devices.

Key Points: 
  • With the growing prominence of KEVs, NetRise's adoption of CISA's KEV data provides users with an efficient method for prioritizing the most exploitable vulnerabilities.
  • Key benefits of these new features in the NetRise Platform include:
    By overlaying CISA KEV catalog data, NetRise empowers a comprehensive understanding of known exploits to identify, address, and prioritize the most critical vulnerabilities.
  • "NetRise goes a long way in navigating the complex difficulties across the software supply chain," continued Pace.
  • To learn more about these advancements and other capabilities of the NetRise platform, visit https://www.netrise.io/platform.