Understanding software supply chain attacks and strategies to defend against them.| fossa.com
As part of its new cybersecurity executive order, the U.S. federal government released the minimum required elements for a software bill of materials.| Dependency Heaven
As enterprises shop for tools that deliver SCA at scale, let's examine what we should keep in mind when defining the right risk mitigation solution.| Dependency Heaven
Learn about SPDX License Identifiers and License Expressions, and see how you can use them to communicate licensing information in an SBOM.| Dependency Heaven
Explore key areas of conducting technical due diligence, including auditing third-party software usage and evaluating protections on intellectual property.| Dependency Heaven
Customizability, ease of use, and support for CycloneDX and SPDX are among the most important features of a best-in-class SBOM tool.| Dependency Heaven
Learn about VEX (Vulnerability Exploitability eXchange), which is used to communicate whether vulnerabilities impacting software products are actually exploitable.| Dependency Heaven
A new provision in PCI DSS 4.0 will require certain organizations to create and maintain SBOMs to help facilitate vulnerability management.| Dependency Heaven
See important considerations and recommendations for requesting SBOMs (software bills of materials) from software suppliers.| Dependency Heaven
SPDX 3.0 introduces new profiles for better use case targeting and flexibility. Major upgrades include changes in document structure, profiles, relationships, and creator information.| fossa.com
Explore different SBOM formats like SPDX and CycloneDX, their specifications, and their implications for software transparency and cybersecurity.| fossa.com
Explore the FDA's new SBOM requirements for medical devices, detailing the scope, structure, and support information needed for compliance.| fossa.com
A detailed comparison of SCA and SAST security tools, highlighting their differences and combined use for enhanced security.| fossa.com
A new version of the CycloneDX bill of materials specification has been released. See what's new in CycloneDX v1.5.| Dependency Heaven