Security and automation with SBOMs
Unboxing
Conclusions
SBOMs are an important strategy whose implementation is mandated by regulatory requirements. However, they also offer great potential for improving secure software development processes and increasing cyber resilience, in particular through automation in conjunction with the tools presented here, such as IT asset management, patch management, and others. The regulatory requirements alone force companies to act, and they do not just apply to software companies but to every area in which software is part of a product – firmware, for example. Companies need to address SBOMs and their implications now and should leverage their potential to optimize processes and improve integration between software development and cybersecurity.
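As an added example (not code from the article or from any of the projects it references), the script below shows what the "automation" the conclusion refers to can look like at its most basic: it parses a CycloneDX JSON SBOM and checks it against the NTIA minimum elements listed in the Infos box (supplier, component name, version, a unique identifier, dependency relationships, author of the SBOM data, and a timestamp). A component that fails these checks is one that patch-management or asset-management tooling cannot reliably match to advisories. The sample SBOM is constructed for the example and is not a real product's BOM; the function names are the example's own.

```python
import json

# Constructed sample CycloneDX 1.5 JSON SBOM (not from the article). The second
# component deliberately lacks a supplier and a version so the check has
# something to report.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "timestamp": "2024-05-01T12:00:00Z",
        "authors": [{"name": "Example Build Pipeline"}],
        "component": {"type": "application", "name": "example-app",
                      "version": "1.0.0", "bom-ref": "app"},
    },
    "components": [
        {"type": "library", "name": "libfoo", "version": "2.3.1",
         "bom-ref": "pkg:generic/libfoo@2.3.1",
         "supplier": {"name": "Foo Project"},
         "purl": "pkg:generic/libfoo@2.3.1"},
        {"type": "library", "name": "libbar", "bom-ref": "libbar",
         "purl": "pkg:generic/libbar"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:generic/libfoo@2.3.1", "libbar"]},
    ],
})


def check_component(comp):
    """Return the NTIA minimum-element fields missing from one component."""
    missing = []
    if not comp.get("supplier", {}).get("name"):
        missing.append("supplier")
    if not comp.get("name"):
        missing.append("name")
    if not comp.get("version"):
        missing.append("version")
    # A purl or CPE is a globally meaningful identifier; bom-ref alone is only
    # a reference local to this document.
    if not (comp.get("purl") or comp.get("cpe")):
        missing.append("unique_id")
    return missing


def check_ntia_minimum(sbom_json):
    """Check a CycloneDX JSON SBOM against the NTIA minimum elements.

    Returns {"document": [missing document-level fields],
             "components": {component name: [missing fields]}}.
    An empty "document" list and empty "components" dict means the SBOM
    satisfies the checks implemented here.
    """
    sbom = json.loads(sbom_json)
    findings = {"document": [], "components": {}}

    # Document-level elements: author of the SBOM data and a timestamp.
    meta = sbom.get("metadata", {})
    if not meta.get("authors"):
        findings["document"].append("author")
    if not meta.get("timestamp"):
        findings["document"].append("timestamp")

    # Collect every bom-ref that takes part in a dependency relationship.
    dependency_refs = set()
    for dep in sbom.get("dependencies", []):
        dependency_refs.add(dep.get("ref"))
        dependency_refs.update(dep.get("dependsOn", []))

    for comp in sbom.get("components", []):
        missing = check_component(comp)
        if comp.get("bom-ref") not in dependency_refs:
            missing.append("dependency_relationship")
        if missing:
            findings["components"][comp.get("name", "<unnamed>")] = missing
    return findings


if __name__ == "__main__":
    # Example run on the constructed SBOM; exit non-zero if anything is missing,
    # which is how such a check would gate a build or an asset import.
    result = check_ntia_minimum(SAMPLE_SBOM)
    print(json.dumps(result, indent=2))
    raise SystemExit(1 if result["document"] or result["components"] else 0)
```

Running the script on a real CycloneDX file is a matter of replacing `SAMPLE_SBOM` with the file's contents; a non-zero exit status makes it usable as a gate in a CI pipeline or before importing an SBOM into an asset inventory.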
Infos
- US Executive Order on Improving the Nation's Cybersecurity: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
- EU Cyber Resilience Act: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0130_EN.html#title2
- CISA on SBOM: https://www.cisa.gov/sbom
- NTIA minimum elements for an SBOM: https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf
- OWASP CycloneDX: https://cyclonedx.org
- ISO/IEC 5230:2020: https://www.iso.org/standard/81039.html
- ISO/IEC 5962:2021: https://www.iso.org/standard/81870.html