TMCnet News
Revenera Offers SCA Solutions and Resources to Help Users Meet Software Bill of Materials (SBOM) Mandate Included in White House Executive OrderITASCA, Ill., May 20, 2021 (GLOBE NEWSWIRE) -- Revenera, producer of leading solutions that help technology companies build better products, accelerate time to value and monetize what matters, is offering software suppliers and software vendors the resources and tools to help develop the Software Bill of Materials (SBOM) required through the White House’s executive order on improving the nation’s cybersecurity. The Growth of SCA and SBOM
Impact of May 12, 2021, White House Executive Order As a part of this Executive Order, the White House emphasizes the importance of enhancing software supply chain security through the SBOM. The SBOM is defined as “a formal record containing the details and supply chain relationships of various components used in building software. Software developers and vendors often create products by assembling existing open source and commercial software components.” The Federal Government’s increased focus on the SBOM is a mandate that highlights the critical need to protect the software supply chain from cyberattacks and malicious actors. There are many ways to manage open source compliace, and OpenChain 2.1 ISO/IEC 5320 provides a set of requirements to help evaluate whether your approach is sufficient. Software Package Data Exchange (SPDX), CycloneDX, and Software Identification (SWID) are three key industry accepted formats by which organizations throughout the supply chain can share information about their SBOMs. “The software industry’s reliance on open source, along with a sharp increase in open source dependencies and the frequency of newly reported security exploits, has set up a perfect storm for supply chain security,” said Alex Rybak, Director of Product Management at Revenera. “Realizing this, the Biden administration has put forth a mandate for the software bill of materials (SBOM) as the means for increased visibility into the software supply chain via a comprehensive executive order. Vendors need visibility into the chain of custody of their software applications to understand both which components are used by an application, as well as which organization is responsible for fixing security issues if they arise. This information is critical to assess impact and act quickly when a new security vulnerability is reported.” Best Practices for Meeting National Security Guidelines for Open Source Software Usage:
Additional Resources:
About Revenera
Media Contact Clement | Peterson PR on behalf of Revenera [email protected] |