Google Releases Opensource Security Tool To Centralize SBOM Management

Google Releases Opensource Security Tool To Centralize SBOM Management

Did you miss the MetaBeat 2022 session? Visit the required libraries for all of our featured sessions here .

>>Don't miss our special issue: How data protection is changing marketing.<<

Open source security has become a key topic in enterprise security this year. Following software supply chain attacks targeting vendors such as SolarWinds and Colonial Pipeline, President Biden has urged companies to create an accurate software bill of materials (SBOM).

To support these efforts, Google announced the launch of a new open source project called Graph for Understanding Artifact Composition (GUAC), a tool that can integrate security metadata from multiple open source projects and display it in a single framework. pictograms.

GUAC allows users to query metadata such as SBOM, SLSA lineage, and scorecard documents to ensure the integrity and security of the software supply chain.

event

Low code/no code assembly

Join today's top leaders at the Low-Code/No-Code Summit on November 9. Sign up for your free pass today.

register here

For businesses, GUAC offers a solution to audit open source software and increase transparency on SBoms used in other open source solutions.

Software Supply Chain Audit

The announcement comes amid a wave of attacks against software supply chains that are expected to grow 300% by 2021. Software vendors acknowledge that threat actors are actively trying to exploit open source vulnerabilities, especially open source vulnerabilities. popular as Log4j.

It's part of an ongoing collaboration between Google and groups like OpenSSF, SLSA, SPDX, and CycloneDX, who have joined the SLSA build, SLSA3 GitHub Action Builder, and vulnerability database software to provide easier access to SBOM. .

The goal of SBOM is to create a central tool for integrating multiple open source projects to improve overall open source security.

"EO and OMB [Office of Management and Budget] requirements have led to a significant increase in the creation of SBOM and other software metadata," said Brandon Lum, senior software engineer in Google's open source security group. . But what do we do now that we have a sea of ​​metadata documents? GUAC software provides a way to understand the chaos of metadata. »

The visibility of this metadata plays a critical role in enabling organizations to manage open source software security and dependencies.

“The effectiveness of risk policy and management depends on the quality of available software metadata. GUAC provides a deep dive into an organization's software catalog, enabling better visibility, automation, and risk management,” said Lum.

The data sources from which GUAC can extract data include open and public data sets, such as OSVs, proprietary internal repositories, and third-party solutions, such as internal systems of data providers. In particular, GUAC imports data about artifacts, projects, resources, vulnerabilities, repositories, and developers.

What role does open source play in security?

For CISOs, GUAC software provides a solution to identify supply chain vulnerabilities.

According to the announcement blog post, users can identify critical components, vulnerabilities, dangerous dependencies, and binaries in a securely managed repository and eventually locate them in the software supply chain. Avoid commitments.

VentureBeat's mission is to create a digital public space for technology decision makers to learn and do business with transformative business technologies. Find our brief description.

Comments

Post a Comment

Popular posts from this blog

Opinion: The Growing Impact Of Digital Marketing On Consumer Behaviour

Image
As consumers become exceptionally good researchers when it comes to making a purchase decision, the author lists digital marketing strategies for marketers. October 28, 2022 08:02:00 | Items | Ashtha Beecham While traditional marketing is limited to a local, at most national, audience, digital marketing, on the other hand, expands the market to reach everyone who connects online. According to a McKinsey report, “The Covid-19 crisis has accelerated the digitization of customer interactions around the world by years.” The first rule of marketing is to have the right offer in the right place at the right time. Digital marketing helps brands reach their ideal customers where they are today: ONLINE. A healthy digital marketing mix today includes email marketing, content marketing, social media marketing, lead generation campaigns, search engine optimization, digital outdoor, public relations online, mobile marketing, online content, branding and influencer marketing. What is consumer...
Read more

Ageless Media Announces Branding Strategy & Marketing Services In Seattle

Image
Seattle, USA - April 27, 2023 - With newly announced branding services, Ageless Media helps companies and entrepreneurs create unique visual identities and compelling messages. Agency professionals work with companies to develop an integrated branding strategy that will resonate with their target audience. Interested can get more information at https://www.agelessmedia.co/ With this announcement, Ageless Media introduced established companies to the need for a new brand, and new companies began building their brand endorsements to create a unique and effective social media presence. Companies can create targeted social media profiles, Facebook ads, Google ads, professional landing pages that link to all social media platforms, and more. Another important component of Ageless Media's brand new services is web design In today's highly digital world, a business's website is primarily its storefront, so it's important that the website and all online branding is aest...
Read more

What Are The Brands Strategies For Marketing During Indias Festive Times

Image
In a country like India where buying decisions are largely driven by emotions, the holiday season gives your customers the added benefit of reminding them of Indian culture by associating them with your products. The holidays provide a great opportunity to reconnect with current and potential clients or clients. During the festival you can develop effective marketing strategies that will help you communicate more effectively with your customers or clients. Internet sales also increase during the festival. Fintech simplifies and accelerates processes in general; The holiday season is simply a high-volume season. The holiday season is a great time to showcase your range of products, launch new products and services, and reach a wider audience. Banks and financial institutions offer a wide range of flexible solutions such as working capital, debt, supply chain finance, machinery finance, microfinance, commercial vehicle loans, commercial equipment loans, etc. As of September 9, 2022, pu...
Read more