The sbomify Blog
Content for software, product, and digital security experts
Exploring the New SPDX 3.0: A Game Changer for SBOMs
TL;DR: SPDX 3.0 is the latest update to the Software Package Data Exchange standard, significantly enhancing the way Software Bill of...
What Is OpenSSF? Scorecards, SLSA, and the Open Source Security Ecosystem
After the Log4Shell vulnerability exposed how a single widely-used open source library could affect hundreds of thousands of organizations,...
How SBOMs Streamline SOC 2 Compliance: Insights for the Agile Enterprise
Decoding SOC 2 Compliance for Agile Enterprises For agile enterprises aiming to assure clients that their data is in safe hands, SOC 2...
What really happened to XZ?
The article “XZ Backdoor Story Part 1” from Securelist delves into the discovery and analysis of a backdoor found in XZ, which...
Elevate Your Cybersecurity with Our Leading SBOM Management Solution
In an era where digital security is paramount, the recent Executive Order 14028 on Improving the Nation’s Cybersecurity has set a new...
NIST Cybersecurity Framework (CSF) 2.0: What It Means for Software Supply Chain Security
In February 2024, the National Institute of Standards and Technology (NIST) released version 2.0 of the Cybersecurity Framework – the most...
What Is a CBOM? The Cryptography Bill of Materials Explained
Organizations know what software libraries they depend on – or at least they should, if they maintain SBOMs. But ask most organizations what...
How to create an SBOM
Updated Guides Available: This article provides a general overview, but we now have more comprehensive and up-to-date guides available....
Elevating M&A Due Diligence with SBOMs: A Guide for Corporate Strategists
In the competitive arena of mergers and acquisitions (M&A), the due diligence phase is a pivotal moment that determines the success or...
Elevating M&A Due Diligence with sbomify's SBOM Management
In the world of mergers and acquisitions (M&A), the stakes are high, and the margin for error is low. A critical aspect of the M&A...
Streamlining Open Source License Compliance in M&A: Unveiling the sbomify Advantage
In the intricate arena of mergers and acquisitions (M&A) within the tech industry, the due diligence process is paramount, especially...
Demystifying SBOMs: The Backbone of Modern Software Security
When the Log4Shell vulnerability (CVE-2021-44228) was disclosed in December 2021, organizations around the world scrambled to answer a...