Eight Vulnerabilities Disclosed in the AI Development Supply Chain

February 16, 2024 at 08:09AM Cybersecurity startup Protect AI disclosed eight vulnerabilities in the open source supply chain used for in-house AI/ML models, including critical and high-severity ones with CVE numbers. Protect AI emphasized the need for an AI/ML BOM to address unique AI risks. Their vulnerability detection methods include a bug bounty program and …

IT suppliers hacked off with Uncle Sam’s demands in aftermath of cyberattacks

February 7, 2024 at 07:12PM Proposed changes to US government procurement rules would require IT service organizations to provide full access to their systems in the event of a security incident. These requirements, developed by DoD, GSA, and NASA, have faced criticism from industry respondents who find them burdensome and inconsistent with other reporting rules. …

NRC Issues Recommendations for Better Network, Software Security

January 26, 2024 at 09:38PM The Network Resilience Coalition advocates for improving network security by addressing outdated and improperly configured hardware and software. The NRC comprises major industry players and aligns with government cybersecurity initiatives. It urges IT vendors to adhere to modernized cybersecurity standards and implement secure software development practices. Immediate action and adherence …

Software Supply Chain Security Startup Kusari Raises $8 Million

January 18, 2024 at 10:00AM Kusari, a software supply chain security startup, has secured $8 million in pre-seed and seed funding led by J2 Ventures and Glasswing Ventures, with support from Unusual Ventures. Founded by members of OpenSSF and CNCF, Kusari aims to provide transparency in the software supply chain with its GUAC tool, reducing …

Vigilant Ops Raises $2 Million for SBOM Management Platform

January 5, 2024 at 05:30AM Vigilant Ops, a cybersecurity startup based in Pittsburgh, Pennsylvania, recently secured a $2 million seed investment from DataTribe. The investment aims to aid organizations in managing software bills of materials through Vigilant Ops’ automated platform. The platform caters to regulated organizations, offering vulnerability monitoring and security patch notifications to ensure …

Cybersecurity Startup, Xeol, Raises $3.2M in Seed Round

December 15, 2023 at 03:03PM Xeol, a New York City-based cybersecurity company, raised $3.2 million in Seed funding led by Shield Capital. With a focus on securing software supply chains, Xeol emphasizes foundational standards like Software Bill of Materials (SBOM) and Supply-chain Levels for Software Artifacts (SLSA). The company has already signed its first Fortune …

Software & Security: How to Move Supply Chain Security Up the Agenda

December 13, 2023 at 10:07AM After the Log4j incident, there is increased scrutiny on the security of software supply chains. Key stakeholders including the US government, CISA, the EU Commission, the UK’s NCSC, and Japan are collaborating to enhance the utility of software bills of materials (SBOMs). However, challenges lie in implementation, responsibility allocation, and …

Fortress Information Security & CodeSecure Team Up to Analyze SBOMs & Remediate Critical Vulnerabilities

December 11, 2023 at 06:03PM Fortress and CodeSecure have partnered to enhance software security by mapping open-source components and identifying vulnerabilities. The partnership aims to fortify national security and critical infrastructure from cyber threats. CodeSecure’s capabilities will expand Fortress’ Software Bill of Materials (SBOM) database, providing risk data to critical industries via NAESAD. A webinar …

The XBOM vs SBOM debate

November 21, 2023 at 09:00AM Webinar: Learn why a Software Bill of Materials (SBOM) may not provide sufficient protection for your application’s attack surfaces. Introducing an eXtended Software Bill of Materials (XBOM) that offers a more accurate and comprehensive view of your application, infrastructure, and pipeline components. Join the webinar on 28 November at 5pm …

US Government Issues Guidance on SBOM Consumption

November 10, 2023 at 07:00AM The US cybersecurity agency CISA, the NSA, and the ODNI have issued new guidance to help software vendors secure the software supply chain. The guidance focuses on assessing security measures throughout the software lifecycle, managing open source software and software bills of materials, and making recommendations for different phases of …