SBOM

CAST Highlight ranks number one in SBOM management on G2

Retrieved on: 
Thursday, April 4, 2024

G2 scores products and vendors based on reviews gathered from its user community, as well as data aggregated from online sources and social networks.

Key Points: 
  • This new SBOM category on G2 is a recognition of the growing demand for SBOM creation and management software addressing the needs of software-intensive device manufacturers, software vendors, and system integrators to meet these new requirements from their clients.
  • This score comes on the heels of CAST Highlight’s recognition as Leader in multiple categories in the winter 2024 G2 reports.
  • "This new G2 ranking is another proof point that we are meeting and exceeding the exacting requirements of software suppliers and embedded software providers looking to dramatically simplify their SBOM creation and management process," said CAST Highlight Vice President Greg Rivera.

GitGuardian Announces New Software Composition Analysis Module

Retrieved on: 
Tuesday, March 26, 2024

PARIS and BOSTON, March 26, 2024 (GLOBE NEWSWIRE) -- GitGuardian, the world leader in automated secrets detection and remediation, released today its Software Composition Analysis (SCA) module.

Key Points: 
  • Open-source software has transformed software development, providing developers access to a vast pool of reusable components.
  • "If one of your buried dependencies becomes vulnerable, the blast radius could be gigantic," said Eric Fourrier, CEO of GitGuardian.
  • GitGuardian’s product suite addresses this gap by integrating a range of security tools, including Secrets Detection, Public Monitoring, Software Composition Analysis, Infra as Code Security, and Honeytoken.

Synopsys Launches New Offering for Comprehensive Software Supply Chain Security

Retrieved on: 
Tuesday, April 9, 2024

SUNNYVALE, Calif., April 9, 2024 /PRNewswire/ -- Synopsys, Inc. (Nasdaq: SNPS) today announced the availability of Black Duck® Supply Chain Edition, a new software composition analysis (SCA) offering that enables organizations to mitigate upstream risk in their software supply chains. Black Duck Supply Chain Edition combines multiple open source detection technologies, automated third-party software bill of materials (SBOM) analysis, and malware detection to provide a comprehensive view of software risks inherited from open source, third-party, and AI-generated code. Development and security teams can track their dependencies across the entire application lifecycle to identify and resolve security vulnerabilities, malicious packages, and license violations and conflicts.

Key Points: 
  • Supply Chain Edition builds on the market-leading capabilities of Black Duck and delivers a full range of supply chain security capabilities to teams responsible for building secure, compliant applications.
  • Black Duck Supply Chain Edition will be generally available on April 25 and showcased May 6-9 at the RSA Conference in San Francisco at the Synopsys Software Integrity Group booth, #1027.

Sonatype Launches Industry-First Integrated System of Record for Management of SBOMs

Retrieved on: 
Tuesday, March 19, 2024

This industry-first solution provides an integrated approach to managing SBOMs from third-party vendors, alongside those SBOMs created for your own software, powered by Sonatype’s unique data and security research.

Key Points: 
  • By enabling comprehensive optimization of SBOM management, Sonatype sets a new standard for compliance, scalability, and cybersecurity.
  • “Good software development is the crux of our modern world, and SBOMs have emerged as a critical building block in software quality.
  • Optimize Efficiency: Sonatype SBOM Manager significantly reduces the manual effort and complexity involved in handling SBOMs by automating SBOM generation, management, and monitoring.

SolarWinds Becomes First Software Provider to Align With New CISA Secure Software Development Guidance

Retrieved on: 
Thursday, March 21, 2024

SolarWinds (NYSE:SWI), a leading provider of simple, powerful, secure observability and IT management software, today announced it has submitted its Secure Software Development self-attestation in alignment with Cybersecurity and Infrastructure Security Agency (CISA) and Office of Management and Budget (OMB) requirements.

Key Points: 
  • In submitting its form to the Repository for Software Attestation and Artifacts (RSAA), SolarWinds is the first software provider to publish CISA self-attestation in alignment with U.S. government requirements of all software providers.
  • SolarWinds has taken a significant step in promoting secure software practices by submitting this attestation that its products are designed with security as a foundational element, in line with not only NIST Secure Software Development Framework (SSDF) guidelines but the framework provided by the Office of Management and Budget's directive (M-22-18).
  • For more information about the SolarWinds Secure by Design principles, visit https://www.solarwinds.com/secure-by-design-resources.

Quectel IoT Modules Significantly More Secure Than Industry Average According to Finite State

Retrieved on: 
Monday, March 18, 2024

This represents a substantial improvement, as both the initial and revised scores significantly surpass the industry average of 98 with the lowest (best) score of 10.

Key Points: 
  • Further, the number and severity of vulnerabilities Finite State did identify in Quectel products or modules are significantly lower than the industry standard and revealed a very limited attack surface.
  • Those issues Finite State did discover have been quickly remedied by Quectel.
  • This advanced phase of testing leverages Finite State's security technologies and expertise to conduct an exhaustive third-party evaluation of Quectel's modules.

Akuity Introduces Security-Hardened Argo CD for Supercharging GitOps Practices with Unmatched Security

Retrieved on: 
Wednesday, March 13, 2024

Key Points: 
  • View the full release here: https://www.businesswire.com/news/home/20240313059866/en/
  • The Akuity Platform is a Kubernetes application delivery platform powered by Argo CD. Akuity Co-Founders — CEO Hong Wang, CTO Jesse Suen, and Chief Architect Alexander Matyushentsev — are also the co-creators of the Argo Project.
  • Argo CD is a part of the Argo project, a suite of open source tools purpose-built for deploying and running applications and workloads on Kubernetes that also includes Argo Rollouts, Argo Workflows, and Argo Events.
  • SBOM and CVE Patching for Argo CD: keeping you ahead of vulnerabilities with regular patching and real-time security scanning.
  • Adding this offering on top of Akuity Platform’s agent-based architecture, which strengthens Argo CD security from the start, offers businesses a streamlined pathway to FedRAMP authorization and unparalleled GitOps security.

Codenotary’s SBOM.sh Surpasses 100,000 Software Projects Milestone

Retrieved on: 
Tuesday, March 12, 2024

In an impressive showcase of rapid growth and widespread adoption, SBOM.sh, the groundbreaking service dedicated to enhancing software security, is now protecting over 100,000 software projects.

Key Points: 
  • Codenotary’s free SBOM.sh online service lets developers quickly create, store, and share SBOMs and run vulnerability assessments of their software projects.
  • Since its inception, SBOM.sh has been at the forefront of addressing one of the most pressing challenges in the software development industry: ensuring the security and integrity of software projects.
  • With 100,000 software projects protected by SBOM.sh, it asserts Codenotary’s commitment to making software security accessible, manageable, and effective for developers and organizations.

Finite State Raises $20 Million Growth Round to Secure Critical Infrastructure and Software Supply Chains

Retrieved on: 
Friday, March 22, 2024

COLUMBUS, Ohio, March 22, 2024 /PRNewswire-PRWeb/ -- Finite State, the leader in comprehensive software risk management for the connected world, today announced that it raised a $20 million growth round led by Energy Impact Partners (EIP). This investment underscores Finite State's pivotal role in addressing critical cybersecurity challenges faced by organizations worldwide and its commitment to advancing innovative solutions for securing connected devices and critical infrastructure.

Key Points: 
  • Amid escalating threats, Finite State's platform offers visibility and risk management capabilities to proactively identify vulnerabilities in software supply chains, safeguarding critical systems.
  • Finite State's robust growth trajectory comes amid escalating cyber threats and regulatory pressures driving organizations to prioritize software supply chain security.
  • As Finite State embarks on its next phase of growth, the company remains steadfast in its mission to empower organizations to secure their software supply chains and protect critical infrastructure from evolving cyber threats.

SUSE Strengthens Container Management Portfolio to Help Platform Engineering Teams Manage at Scale, Support AI/ML Workloads

Retrieved on: 
Tuesday, March 19, 2024

"At SUSE, our commercial and open source users are equally important," said Peter Smails, general manager of the SUSE Enterprise Container Management business unit.

Key Points: 
  • New capabilities in Rancher Prime 3.0 help platform engineering teams deliver self-service Platform-as-a-Service (PaaS) to their developer communities and provide enhanced support for AI workloads.
  • SUSE is also introducing Rancher Enterprise, a single package and price for the entire portfolio of Rancher Prime including multi-cluster management, OS management, VM management, persistent storage, and SUSE's certified Linux OS, SUSE Linux Enterprise Micro.
  • SUSE continues to invest in open source innovation across its entire cloud native portfolio to support its large community of users.