Software Bill of Materials (SBOM)

July 12, 2023

CycloneDX 1.5: The next big step for SBOMs and software transparency

With CycloneDX 1.5, OWASP is introducing a number of new types of SBOMs. Here's a full run-down on changes — and what they mean for software transparency.
June 15, 2023

CISA SBOM-a-rama tackles challenges: 5 key takeaways

The challenges — and also the promise — of software bills of materials were on display Wednesday as CISA hosted SBOM-a-rama. Here are five key takeaways.
June 12, 2023

Self-attestation: What software teams need to know

Software vendors who do business with the federal government now have to prove they are practicing basic supply chain security. Here are the requirements.
May 16, 2023

7 obstacles to SBOM success

The path to success for software bills of materials is riddled with hurdles. Experts explain key factors that could threaten your SBOM investments.
May 10, 2023

What’s behind SBOM skepticism? One word: Fear

In this ConversingLabs talk, Josh Corman, founder of I Am The Cavalry, explains what’s behind industry skepticism around software bills of materials.
May 2, 2023

How to operationalize SBOMs for incident response

Learn why Software Bills of Materials are essential for cybersecurity incident response — and how to put them to work.
February 28, 2023

Software supply chain security and SBOM automation: The next big step in risk management

Here's a look at the state of Software Bills of Materials (SBOMs) — and why automating them is the next big step in managing software supply chain risk.
February 13, 2023

The case for SBOM benchmarks: "Ground truth" is key

SBOMs help software teams protect their supply chains — but they can also create new challenges. Here's why standardization is needed.
January 30, 2023

6 misconceptions about Software Bills of Materials

SBOMs could become Software Bills of Mediocrity. But not if we can agree on their value for software supply chain security. Chris Romeo explains.
January 18, 2023

Supply chain security and compliance: Why software organizations should get out in front of requirements

Get out in front of software supply chain compliance requirements for a competitive advantage. Here's what your software organization needs to know.
December 1, 2022

Log4j one year in: Vulnerability fuels attacks — and a new urgency for software supply chain security

One year ago, a vulnerability in Apache’s Log4j turned the security world on its ear. What has changed since then? Here are the key takeaways from Log4Shell's legacy.
November 23, 2022

GitHub repojacking attack: 10 lessons for software teams

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.

SUBSCRIBE

Get our blog delivered to your in-box weekly to stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

Apple Devices as a Growing Attack Vector Apple Devices as a Growing Attack Vector
Conversations About Threat Hunting and Software Supply Chain Security
ReversingGlass: EPSS 3.0 + CVSS: Why Prioritizing Software Risk is Key ReversingGlass: EPSS 3.0 + CVSS: Why Prioritizing Software Risk is Key
Glassboard conversations with ReversingLabs Field CISO Matt Rose