#sbom

from Developer Tech News
8 hours ago

White House rescinds software security compliance mandates

The Office of Management and Budget (OMB) issued Memorandum M-26-05 (PDF) which officially revokes the 2022 policy known as M-22-18 and its 2023 companion policy, M-23-16. This reversal alters the governance landscape for enterprise architects and platform engineers who service federal contracts or align with federal standards. The previous directives mandated specific secure software development practices, including the widespread generation and maintenance of Software Bills of Materials (SBOMs).
US politics
#software-supply-chain
from Securitymagazine
5 months ago
Information security

CISA Issues Software Bill of Materials Draft, Encourages Public Comments

Updated minimum elements for SBOMs guide standardized, machine-readable SBOM generation and sharing to improve software supply chain transparency and risk-informed cybersecurity decisions.
from Techzine Global
8 months ago
Software development

Dropping the SBOM, why software supply chains are too flaky

The importance of managing software supply chain security is rising due to increased vulnerabilities and the prevalence of open-source software.
from InfoWorld
4 days ago

GitLab devsecops survey finds progress, new priorities

Results of the survey, conducted in April, have been compiled into GitLab's 2024 Global DevSecOps Report, which was announced June 25. Among the findings, 78% of respondents said they are currently using AI in software development or plan to in the next two years, an increase from 64% of respondents who said they were using or planning to use AI in development last year.
Software development
Information security
from Techzine Global
2 weeks ago

From vulnerability whack-a-mole to strategic risk operations

Shift security from counting vulnerabilities to strategic risk operations that prioritize exposure, value at risk, and measurable business outcomes.
#github-actions
Information security
from SecurityWeek
4 months ago

New Guidance Calls on OT Operators to Create Continually Updated System Inventory

OT organizations must build and maintain definitive, continually updated records using asset inventories, SBOMs and prioritized processes to enable holistic risk assessment and controls.
#cyber-resilience-act
DevOps
from faun.pub
4 months ago

SBOM-Driven Deployments: Blocking Builds Without Verified Dependencies

Generate and enforce SBOMs in CI/CD to block risky dependencies and prevent supply chain breaches.
Artificial intelligence
from DevOps.com
5 months ago

Survey Surfaces Raft of AI Coding Issues Involving Embedded Systems

AI coding assistants are widely used in embedded-system development, but governance, security, and open-source license risk confidence remain lacking.
from Securitymagazine
5 months ago

Report Reveals Gap Between AI Use and AI Security In Embedded Software

The State of Embedded Software Quality and Safety 2025 from Black Duck reveals a disconnect between the organizational use of AI and AI security. The embedded software landscape is transforming, largely driven by AI, with 89.3% of organizations already utilizing AI coding assistants and 96.1% integrating products with open source AI models. However, 21.1% of organizations still lack confidence in their capabilities to prevent AI from opening the door to vulnerabilities.
Software development
Information security
from DevOps.com
7 months ago

Survey Surfaces Uneven Adoption of SBOMs to Secure Software

Many organizations are struggling to meet SBOM requirements and integrate necessary tools.
A significant majority believe AI can improve security visibility but also raise new risks.