The fallout from the Log4j vulnerability has prompted bipartisan action to beef up open source software security. The proposed act would task CISA with developing a risk framework to evaluate open source code used by the federal government, a framework that could later be passed on to critical infrastructure businesses.
Software Bills of Materials (SBOMs) are catching on as companies seek better visibility into their software supply chains and need accurate information to meet vulnerability disclosure requirements. But maintaining an accurate SBOM isn’t a quick and easy task. Here’s what to keep in mind when building an SBOM.
Software security flaws are present in three-quarters of applications, and teams are taking over six months to fix half of them.