AWS, Google Cloud, and Azure: How their security features compare


CISOs trying to determine which of the three major cloud service providers (CSPs) offers the best security need to break that question down into two parts: Which one does the best job securing its own infrastructure, and which one does the best job helping you to secure your data and applications?

Security in the public cloud is based on the shared responsibility model, the notion that it’s possible to draw a hard line separating the role of the cloud service provider (securing the platform) from the role of the customer (protecting its assets in the cloud). Sounds good in theory, but in practice the shared responsibility model can be tricky when CISOs are dealing with one cloud vendor, and exponentially more difficult in a multi-cloud world.


SBOM formats SPDX and CycloneDX compared


Software bills of materials (SBOMs) are becoming a critical component of vulnerability management. Many organizations, however, are still wrestling with understanding fundamental topics in the SBOM discussion, such as the differences among the SBOM formats.

What are SBOM formats?

SBOM formats are standards for defining a unified structure for generating SBOMs and sharing them with end users or customers. They describe the composition of software in a common format that other tools can understand.

The leading SBOM formats are Software Package Data Exchange (SPDX), Software Identification (SWID) Tagging, and CycloneDX. Only SPDX and CycloneDX are being adopted for security use cases. SWID is primarily focused on licensing and is therefore out of scope for this discussion. As the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and others have stated, we will have multiple SBOM formats for some time.


DSA-5203 gnutls28 – security update


Jaak Ristioja discovered a double-free vulnerability in GnuTLS, a library implementing the TLS and SSL protocols, during verification of pkcs7 signatures. A remote attacker can take advantage of this flaw to cause an application using the GnuTLS library to crash (denial of service), or potentially, to execute arbitrary code.
