There’s a big movement afoot to move to an SBOM-oriented world. If you’re new to this acronym, an SBOM is a “Software Bill of Materials.” The idea is that any piece of software, or service, should come with the equivalent of an ingredients label, itemizing the component pieces of software included in the manufacture of the product. That way, any vulnerability in a component that you don’t fix becomes visible to your customers. It sounds simple, right? Just write down the software you used in assembling your system!
Just.
“Just” is the most dangerous word in cybersecurity. In any complex system, there is an impulse to use a much simpler model to describe the system. Sometimes, this can be helpful because it makes the system easier to think about. Unfortunately, solutions that apply in simple systems are not usually as easy to apply to—and certainly rarely as effective in—more complex systems.
More Stories
US Treasury Urges Financial Sector to Address AI Cybersecurity Threats
The US Treasury report sets out recommendations for financial institutions on addressing immediate AI-related operational risk, cybersecurity and fraud challenges...
Sellafield nuclear waste dump faces prosecution over cybersecurity failures
The UK's Office for Nuclear Regulation (ONR) has started legal action against the controversial Sellafield nuclear waste facility due to...
NIST Unveils New Consortium to Operate its National Vulnerability Database
After weeks of speculation, NIST has finally confirmed its intention to establish an industry consortium to develop the NVD in...
Teen Slang – What You Need To Know To Understand Your Teen
Got any ‘rizz’? Did you ‘slay’ that dinner? Is the ‘cozzie livs’ stressing you out? If you do not comprehendo,...
17 Billion Personal Records Exposed in Data Breaches in 2023
Flashpoint recorded a 34.5% rise in reported data breaches in 2023, with ransomware a major driver of this increase Read...
Hardware Vulnerability in Apple’s M-Series Chips
It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts...