新浪香港

SINA HONG KONG LIMITED

GlobeNewswire 

CISA, DHS S&T and OpenSSF Announce Global Launch of Software Supply Chain Open Source Project

GlobeNewswire

Protobom project allows for easy creation and translation of Software Bill of Materials (SBOMs)

WASHINGTON, April 16, 2024 (GLOBE NEWSWIRE) — The Open Source Security Foundation (OpenSSF), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Homeland Security (DHS) Science and Technology Directorate (S&T), today announced the launch and availability of Protobom, a new and innovative open source software supply chain tool. Protobom enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs) and file data, as well as translate this data across standard industry SBOM formats. The OpenSSF has further committed to facilitating the open source and collaborative development of Protobom while encouraging the growth of an open source contributor community.

Key to strengthening software security and software supply chain risk management, an SBOM is a nested, formatted inventory that lists the components making up software to include the supply chain relationships of various open source and commercial components used in building software. Understanding the supply chain of software, obtaining an SBOM and using it to analyze known vulnerabilities are crucial for managing cybersecurity risk. Currently, multiple SBOM data formats and identification schemes exist, which makes it challenging for organizations wanting to adopt SBOM usage. Protobom aims to mitigate this issue by offering a format-neutral data layer on top of the standards that lets applications work seamlessly with any kind of SBOM.

Protobom can be integrated into both commercial and open source applications, which will promote SBOM adoption, and make SBOM creation and consumption easier and cheaper. Protobom tooling can access, read and translate SBOMs in various data formats thus providing seamless interoperability. By integrating Protobom into applications that link SBOM information with external records of vulnerabilities and severity information from trusted sources, the applications can provide information on available patches and mitigations.

“To defend against the increasing number of software attacks, it’s critical to utilize innovative tools that create a more transparent software supply chain,” said Melissa Oh, Silicon Valley Innovation program managing Director. “DHS is tapping into the startup community to develop technology that will shine a light on risks within supply chains and bolster the overall cybersecurity of organizations.”

“Vulnerabilities in software are a key risk in cybersecurity, with known exploits being a primary path for bad actors to inflict a range of harms. By leveraging SBOMs as key elements of software security, we can mitigate the risk to the software supply chain and respond to new risks faster, and more efficiently,” said Allan Friedman, CISA senior advisor and strategist. “Protobom is a step towards greater efficiency and interoperability by translating across the widely used formats so that tools and organizations can focus on what’s important. It is a positive solution that helps shape a more transparent software-driven world.”

“Hosting Protobom marks a pivotal moment for OpenSSF and our work to secure open source software,” said Omkhar Arasaratnam, general manager of OpenSSF. “Protobom not only simplifies SBOM creation, but also empowers organizations to proactively manage the risk of their open source dependencies. The security of open source software requires partnership between the public sector, private sector and the community. The OpenSSF is proud to be a part of this mission.”

To energize the market and encourage adoption of SBOMs, CISA and DHS S&T’s SVIP collaborated and funded a cohort of seven startups to develop Protobom. This cohort included AppCensus, Inc., Chainguard, Inc., Deepbits Technology, Inc., Manifest Cyber, Inc., Scribe Security, TestifySec, and Veramine, Inc.

CISA, DHS S&T and the OpenSSF look forward to the continued partnership and collaboration on critical initiatives to improve the security of the open source software ecosystem. The Protobom project is a free resource for the continued evolution of software supply chain visibility and security. To learn more about Protobom, including how to support and contribute to the project, please visit the Protobom website and GitHub.

About the OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaborating and working upstream and with existing communities to advance open source security. For more information, please visit us at openssf.org.

About CISA

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on Twitter, Facebook, LinkedIn, Instagram.

Media Contact

Jennifer Tanner
Look Left Marketing
openssf@lookleftmarketing.com

你可能喜歡

NewCold Invests in Leading-Edge Food Storage and Logistics in Southern Alberta

GlobeNewswire

CALGARY, AB, April 29, 2024 — NewCold, the fast-growing leader in advanced automated warehouse and cold chain logistics, announced plans today to invest $222 million and create over 50 new jobs in Alberta’s agri-food sector. With support from Invest Alberta and a grant from the Government of Alberta,

Louisiana Small Business Owner Named 2024 National Small Business Person of the Year

GlobeNewswire

Washington State Cleaning Company Founder Saluted as Runner-Up WASHINGTON, April 29, 2024 — Today, Administrator Isabel Casillas Guzman, head of the U.S. Small Business Administration and the voice in President Biden’s Cabinet for America’s more than 33 million small businesses, named Iam C. Tucker of Integrated Logistical

Lee Health’s Golisano Children’s Hospital of Southwest Florida Enhances Support and Care for Patients with Autism Spectrum Disorders (ASD)

GlobeNewswire

The only pediatric hospital in the region has been designated as the first Certified Autism Center™ in Florida and is now outfitted with the area’s first sensory-friendly ambulance Golisano Children’s Hospital of Southwest Florida announces SEA STAR program Alyssa Bostwick shares details on the first-of-its-kind Sensory Training Autism Readiness program

Anik Singal to Electrify as a Celebrity Speaker at the Connected Leaders Academy (CLA) Global Summit

GlobeNewswire

Silver Spring, April 29, 2024 — Silver Spring, Maryland – Anik Singal, an acclaimed entrepreneur, bestselling author, and renowned speaker, is slated to be a celebrity speaker at the Connected Leaders Academy Global Summit organized by the Connected Leaders Academy. The event aims to bring together up

nomnom Launches Summer Sweepstakes to Catch the Colorado Rockies Live in Action

GlobeNewswire

SPOKANE, Wash., April 29, 2024 — nomnom, a wholly owned subsidiary of Par Pacific Holdings, Inc., is taking a lucky rewards customer and a friend out to a Major League Baseball game during its “Bases Loaded Fly-Away Sweepstakes.” From May 1 to July 31, nomnom rewards members will have

UMKC Announces New Bachelor of Architecture Program

GlobeNewswire

First public university in Missouri to offer a Bachelor of Architecture degree UMKC Bachelor of Architecture Program UMKC architecture students work on models. Photo by Brandon Parigo | UMKC Kansas City, Missouri, April 29, 2024 — The University of Missouri-Kansas City will launch a Bachelor of Architecture program

Stop Blocked Stormwater Drains with Fix-It Right Plumbing Before Winter Hits and Heavy Rains Flood One’s Yard and Garage

GlobeNewswire

Melbourne, April 29, 2024 — Melbourne, Victoria – With winter looming and heavy rains on the horizon, homeowners are urged to take proactive steps to prevent blocked stormwater drains and potential flooding in their yards and garages. Neglecting stormwater drain maintenance can lead to costly damage and inconvenience.

TiiCKER Honored as Silver Stevie® Award Winner In 2024 American Business Awards®

GlobeNewswire

Shareholder Loyalty Platform TiiCKER Recognized as One of the Most Innovative Tech Companies GRAND RAPIDS, Mich., April 29, 2024 — TiiCKER, the world’s first and largest verified shareholder loyalty and engagement platform, was named the winner of a Silver Stevie® Award in the Most Innovative Tech Company of

Q1 2024 Sees a 9.5% Surge in Ecommerce Revenue Amidst Compression of Gross Margins and Return on Ad Spend

GlobeNewswire

CommerceIQ’s State of Retail Ecommerce Report also reveals economic strains with 7.4% decline in gross margins and reduced advertising returns. PALO ALTO, Calif., April 29, 2024 — CommerceIQ, the leading retail ecommerce management platform, today released its State of Retail Ecommerce Report for Q1 2024, which saw

MAP Plumbing Emerges as Premier Plumbing Service Provider in West Palm Beach

GlobeNewswire

Lake Worth Beach, April 29, 2024 — Lake Worth Beach, Florida – MAP Plumbing, a trusted family-owned and operated plumbing company, is rapidly gaining recognition as one of the top plumbing services in the West Palm Beach area. With a commitment to professionalism, reliability, and customer satisfaction, MAP

Extensiv Market Insights Data Shows Amazon’s Volume Skyrockets by 40% YoY, While Shopify Orders Climb 15%

GlobeNewswire

Data Contrasts Industry Leaders and How Amazon and Shopify Navigate YoY Growth Amidst QoQ Fluctuations EL SEGUNDO, Calif., April 29, 2024 — Extensiv — delivering omnichannel software solutions for warehouse, inventory, and order management — today announced a summary of key findings from its 1Q

FUJIFILM Electronic Materials, U.S.A., Inc. Earns 2023 Supplier Excellence Award from Texas Instruments

GlobeNewswire

NORTH KINGSTOWN, R.I., April 29, 2024 — FUJIFILM Electronic Materials, U.S.A., Inc. today announced that it earned a Texas Instruments 2023 Supplier Excellence Award in the Chemicals category. FUJIFILM Electronic Materials joins an elite group that meets TI’s standards for excellence, having demonstrated exemplary

MaxxBuild’s Founder John Altizer on Tariffs on China-made Products: Political Feuds in the Way of Import-Export Dynamics

GlobeNewswire

Since 2018, US tariffs on imports coming from China have been increasing. What are the implications of rising tariffs for customers and China-based businesses, such as MaxxBuild? Macau, China, April 29, 2024 — Disputes between two countries always affect civilians the most. Sometimes, these feuds are far from

CDSG ADDS GOLD PROJECT IN TANZANIA

GlobeNewswire

Las Vegas, NV., April 29, 2024 — China Dongsheng International, Inc. is pleased to announce CDSG has entered into a co-production agreement with an individual based in Tanzania to recover gold from a large alluvial gold field within the active Nachingwea

CentralReach Receives Attestation of Compliance with EU-U.S., U.K. Extension, and Swiss-U.S. Data Privacy Frameworks

GlobeNewswire

FORT LAUDERDALE, Fla., April 29, 2024 — CentralReach, the leading provider of autism and IDD care software, announced today that the company has received its fourth consecutive year of attestation that it complies with European, U.K. and Swiss data protection and privacy laws through verification of compliance with

Beverly Hills Teddy Bear Company Commemorates 30 Years of Unmatched Creativity and Quality

GlobeNewswire

Beverly Hills Teddy Bear Company celebrates three decades of being a leader in the plush toy industry, driven by innovation and dedication to creating a world of fun. Santa Clarita, California, April 29, 2024 — Beverly Hills Teddy Bear Company , a full spectrum toy manufacturer, proudly celebrates

Results Thru Strategy and ICR Announce Strategic Partnership

GlobeNewswire

CHARLOTTE, N.C. and NEW YORK, April 29, 2024 —  Results Thru Strategy , strategic advisor to restaurant brands, technology companies, and investment firms, and ICR, a leading strategic communications and advisory firm, today announced its partnership for complementary service support across their joint client base. Through this partnership,

The AGCO moves to revoke the liquor licence of Club 33 in Hamilton

GlobeNewswire

TORONTO, April 29, 2024 — The Alcohol and Gaming Commission of Ontario is moving to revoke the liquor sales licence of Hamilton bar Club 33, for alleged repeated violations of the Liquor Licence and Control Act, 2019 . The AGCO is taking this step following a comprehensive

Flash News: OKX Launches Earth From Another Sun NFT Whitelist Giveaway

GlobeNewswire

SINGAPORE, April 29, 2024 — OKX, a leading Web3 technology company, has issued updates for April 29, 2024. OKX Launches Earth From Another Sun NFT Whitelist Giveaway OKX is thrilled to announce the launch of its Earth From Another Sun NFT Whitelist Giveaway. EFAS, a Solana- and

Energy As A Service Market size worth $ 101270.8 Million, Globally, by 2031 at 6.17% CAGR – Report By Verified Market Research®

GlobeNewswire

Elevate Your Energy Efficiency: Dive into the Lucrative Energy-as-a-Service Market! Explore Opportunities, Trends, and Growth Drivers in Our Comprehensive Market Analysis. Uncover Key Insights and Maximize Profits Today Lewes, Delaware, April 29, 2024 — The Global Energy As A Service Market is projected to grow at a CAGR