The timing of CISA’s SBOM-a-rama today and tomorrow coincides with the fallout from the “vulnerability of the decade” gifting the industry with yet another example of why scaling and operationalizing the widespread use of SBOMs is so vital. Log4Shell is a 10/10 vulnerability in a hugely popular Java logging library – Log4j – used in virtually every online service. For two decades it was…
Today we’re pleased to announce the RKVST SBOM Hub – the first place to find and fetch SBOMs. RKVST SBOM Hub is a secure, immutable, any-to-any framework that integrates into both publisher and subscriber workflows to massively simplify the effective sharing of SBOMs to help all parties comply with the Executive Order. Try it out for yourself here. Since the Presidential Executive Order in May 2021, tools to create…
Simple math makes the complexity of SBOM sharing clear. CISA has identified 11 categories of critical software – everything from browsers and operating systems to identity
Do you want to archive old emails now? We’ve all seen the prompt and many of us choose to consign thousands of emails to an uncertain fate, protected (somewhere) in case we should ever need to cover our arses in some future argument. But this paints a very limited and negative picture of the importance and indeed relevance of…
Immutability is the third key to the continuous assurance of critical assets in a zero-trust world. Knowing where assets come from (Provenance) and creating fine-grade control over who can access what (Governance) are vital, but without full confidence that an asset has not been falsified, tampered with, or otherwise altered by accident or design, real…
Knowing where critical assets come from, and who has had access to modify, maintain or control them on the way into your enterprise is just the first step in securing the cyber supply chain. Creating, monitoring, and auditing effective governance to define exactly who can see, use and modify assets within your control is the…
Provenance literally means knowing where something came from. The term has most frequently been used in the art world as galleries, investors and archivists seek to prove the origin of specific works of art. But more recently it has been adopted by the data science community and now the wider assurance sector. Why? Knowing not…
Since the US President’s executive order demanded Software Bills of Material or SBOMs as a key asset to increase cybersecurity and resilience, the term has rapidly moved from software development circles to the boardroom. In our recent blog we examined what IT professionals need to know to implement and share SBOMs effectively – but what…