Another six-week cycle is in the books here at balena, and as always, we are excited to share what we have been working on.| balena Blog
This PEP proposes a new file format for specifying dependencies to enable reproducible installation in a Python environment. The format is designed to be human-readable and machine-generated. Installers consuming the file should be able to calculate wha...| Python Enhancement Proposals (PEPs)
A Linux Foundation case study on using cdsbom to enhance SPDX SBOMs with license data from ClearlyDefined for better compliance and transparency.| Open Source Initiative
Written by Lex Crumpton and Charles Clancy.| Medium
Explore the increasing threats of supply chain cyber attacks in manufacturing ecosystems. Delve into what these attacks entail, their consequences, and the pivotal role of software bills of materials (SBOMs) in risk assessment. Learn key strategies for mitigating these attacks and fortifying the security of interconnec...| Claroty
Learn about software bill of materials (SBOM) in the context of governance, risk and compliance (GRC) and how to implement it in your organization.| Onspring
Vulnerability Forecasting Technical Colloquium| FIRST — Forum of Incident Response and Security Teams
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global Internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. It’s an u...| Schneier on Security
The recent cybersecurity catastrophe that wasn’t reveals an untenable situation, one being exploited by malicious actors.| Default
The last few years have seen the Application Security (AppSec) industry undergo some dramatic changes, with new types of attacks materializing and new types of security companies forming in response. The classic security industry game of whack-a-mole is now in full swing, with enterprises, security vendors, and AppSec teams alike collectively figuring out what it…| Scale Venture Partners
SUMMARY| Cybersecurity and Infrastructure Security Agency CISA
With the rise of software-based products, regulators have quickly implemented new standards to help manage the complexities of the software supply chain.| ISACA
ENOSUCHBLOG| blog.yossarian.net