There’s a big movement afoot to move to an SBOM-oriented world. If you’re new to this acronym, an SBOM is a “Software Bill of Materials.” The idea is that any piece of software, or service, should come with the equivalent of an ingredients label, itemizing the component pieces of software included in the manufacture of the product. That way, any vulnerability in a component that you don’t fix becomes visible to your customers. It sounds simple, right? Just write down the software you used in assembling your system!
Just.
“Just” is the most dangerous word in cybersecurity. In any complex system, there is an impulse to use a much simpler model to describe the system. Sometimes, this can be helpful because it makes the system easier to think about. Unfortunately, solutions that apply in simple systems are not usually as easy to apply to—and certainly rarely as effective in—more complex systems.
More Stories
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google...
Friday Squid Blogging: Sunscreen from Squid Pigments
They’re better for the environment. Blog moderation policy. Read More
Compromising the Secure Boot Process
This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than...
Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of...
Hacktivists Claim Leak of CrowdStrike Threat Intelligence
CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat...
CrowdStrike Falcon Outage Exploited for Social Engineering
Cyber threat actors are exploiting the CrowdStrike Falcon outage to conduct social engineering attacks. Here's what the CIS CTI team...