Sonatype, Snyk and Black Duck remained atop Forrester's software composition analysis rankings, even as commoditization of core features has increased competition. Pressure in the market has grown because core functionality and license identification have become saturated, leaving vendors with little to differentiate on.
The state of software security is constantly evolving, and although awareness around it has increased, the industry is no closer to solving the problem, said Brian Fox, co-founder and chief technology officer, Sonatype. Fox highlighted the crucial issues the industry continues to face.
OpenSSF launched a new tool Tuesday in partnership with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency to help federal agencies and private organizations simplify the process of reading and generating software bills of materials.
The U.S. Cybersecurity and Infrastructure Security Agency is aiming to improve the implementation of software bills of materials across the public and private sectors as experts warn that a failure to build and use the critical inventory lists could result in "catastrophic security breaches."
Procurement experts testified to the House Subcommittee on Cybersecurity, Information Technology, and Government Innovation on Wednesday that government requirements leave too many unanswered questions and ambiguities for federal agencies when it comes to implementing SBOMs.
The U.S. Cybersecurity and Infrastructure Security Agency published guidance that offers best practices in developing consumption processes for software bills of materials, but experts told ISMG the document lacks technical specifics and warned that most organizations face SBOM resourcing issues.
ASPM was introduced to help organizations consolidate and optimize their AppSec programs. But with dozens of vendors embracing the term, and approaching the problem in a multitude of ways, there’s a lot of confusion about what to look for in an enterprise ASPM solution.
ASPM solutions are designed to deliver...
In the latest "Proof of Concept," DXC Technology IT CISO and CyberEdBoard member Mike Baker and Chris Hughes, co-founder and CISO of Aquia, join ISMG editors to discuss benefits, challenges and misconceptions of adopting open-source software in modern code bases - plus best practices for securing them.