#sbom

[ follow ]
#software-supply-chain #vulnerability-management #devsecops #cybersecurity #github-actions #secret-scanning
#devsecops
DevOps
fromDevOps.com
1 day ago

Software Weaponization Raises DevSecOps Stakes - DevOps.com

Vulnerabilities are increasingly weaponized and stockpiled, requiring runtime visibility, continuously updated SBOMs, and automated, prioritized remediation across the delivery lifecycle.
more#devsecops
DevOps
fromSecurityWeek
1 week ago

G7 Countries Release AI SBOM Guidance

G7 agencies issued AI-focused SBOM guidance defining minimum elements to improve transparency, vulnerability tracking, and supply-chain risk reduction.
Information security
fromSecurityWeek
4 weeks ago

Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data

SBOMs and VEX statements fail to enhance software supply chain security due to poor decision-making and inconsistent interpretation of available data.
#cybersecurity
fromInfoQ
1 month ago
EU data protection

How SBOMs and Engineering Discipline Can Help You Avoid Trivy's Compromise

SBOMs are essential for developers to enhance security and comply with new legislative requirements.
fromDevOps.com
11 months ago
Information security

Survey Surfaces Uneven Adoption of SBOMs to Secure Software - DevOps.com

Many organizations are struggling to meet SBOM requirements and integrate necessary tools.
A significant majority believe AI can improve security visibility but also raise new risks.
EU data protection
fromInfoQ
1 month ago

How SBOMs and Engineering Discipline Can Help You Avoid Trivy's Compromise

SBOMs are essential for developers to enhance security and comply with new legislative requirements.
more#cybersecurity
#software-supply-chain
more#software-supply-chain
fromDeveloper Tech News
3 months ago

White House rescinds software security compliance mandates

The Office of Management and Budget (OMB) issued Memorandum M-26-05 (PDF) which officially revokes the 2022 policy known as M-22-18 and its 2023 companion policy, M-23-16. This reversal alters the governance landscape for enterprise architects and platform engineers who service federal contracts or align with federal standards. The previous directives mandated specific secure software development practices, including the widespread generation and maintenance of Software Bills of Materials (SBOMs).
US politics
Information security
fromTechzine Global
4 months ago

From vulnerability whack-a-mole to strategic risk operations

Shift security from counting vulnerabilities to strategic risk operations that prioritize exposure, value at risk, and measurable business outcomes.
#github-actions
more#github-actions
Information security
fromSecurityWeek
7 months ago

New Guidance Calls on OT Operators to Create Continually Updated System Inventory

OT organizations must build and maintain definitive, continually updated records using asset inventories, SBOMs and prioritized processes to enable holistic risk assessment and controls.
#cyber-resilience-act
more#cyber-resilience-act
DevOps
fromfaun.pub
8 months ago

SBOM-Driven Deployments: Blocking Builds Without Verified Dependencies

Generate and enforce SBOMs in CI/CD to block risky dependencies and prevent supply chain breaches.
Artificial intelligence
fromDevOps.com
8 months ago

Survey Surfaces Raft of AI Coding Issues Involving Embedded Systems - DevOps.com

AI coding assistants are widely used in embedded-system development, but governance, security, and open-source license risk confidence remain lacking.
fromSecuritymagazine
8 months ago

Report Reveals Gap Between AI Use and AI Security In Embedded Software

The State of Embedded Software Quality and Safety 2025 from Black Duck reveals a disconnect between the organizational use of AI and AI security. The embedded software landscape is transforming, largely driven by AI, with 89.3% of organizations already utilizing AI coding assistants and 96.1% integrating products with open source AI models. However, 21.1% of organizations still lack confidence in their capabilities to prevent AI from opening the door to vulnerabilities.
Software development
[ Load more ]