SBOMs are the gifts that keep on giving.

The timing of CISA’s SBOM-a-rama today and tomorrow coincides with the fallout from the “vulnerability of the decade” gifting the industry with yet another example of why scaling and operationalizing the widespread use of SBOMs is so vital. Log4Shell is a 10/10 vulnerability in a hugely popular Java logging library – Log4j – used in virtually every online service. For two decades it was…

SBOM Sharing Should be Easy. Now it is!

Today we’re pleased to announce the RKVST SBOM Hub – the first place to find and fetch SBOMs. RKVST SBOM Hub is a secure, immutable, any-to-any framework that integrates into both publisher and subscriber workflows to massively simplify the effective sharing of SBOMs to help all parties comply with the Executive Order. Try it out for yourself here. Since the Presidential Executive Order in May 2021, tools to create…

Why RKVST?

Do you want to archive old emails now? We’ve all seen the prompt and many of us choose to consign thousands of emails to an uncertain fate, protected (somewhere) in case we should ever need to cover our arses in some future argument. But this paints a very limited and negative picture of the importance and indeed relevance of…

A tamper-proof golden thread of evidence

Immutability is the third key to the continuous assurance of critical assets in a zero-trust world. Knowing where assets come from (Provenance) and creating fine-grained control over who can access what (Governance) are vital, but without full confidence that an asset has not been falsified, tampered with, or otherwise altered by accident or design, real…

Helping developers empower good governance for business users

Knowing where critical assets come from, and who has had access to modify, maintain or control them on the way into your enterprise is just the first step in securing the cyber supply chain. Creating, monitoring, and auditing effective governance to define exactly who can see, use and modify assets within your control is the…

A Business Leader’s Guide to Sharing SBOMs

Since the US President’s executive order demanded Software Bills of Material or SBOMs as a key asset to increase cybersecurity and resilience, the term has rapidly moved from software development circles to the boardroom. In our recent blog we examined what IT professionals need to know to implement and share SBOMs effectively – but what…