OpenChain Telco SBOM Guide
The telecom industry's OpenChain Telco Workgroup has published its own Telco-specific SBOM recommendations.
PCI DSS 4.0 and SBOM
With version 4.0, PCI DSS aims to promote security as a continuous process with visibility into the product's component inventory and continuous vulnerability management. These requirements are best automated using a Software Bill of Materials (SBOM).
All about CycloneDX 1.6
CycloneDX 1.6 SBOM takes a quantum leap with support for CBOM and CDXA attestations.
xz backdoor: 5 Lessons
CVE-2024-3094 — also known as xz-backdoor or xz-trojan — is the most concerning software supply chain attack to date.
Secure Software Development Attestation Form [Final]
Interlynk has mapped out self-attestation requirements in an easy-to-follow format to help organizations get a head start.
SBOM Requirements for CRA
CRA uses the Software Bill of Materials (SBOM) to describe, record, and monitor product security.
EU CRA and SBOM
CRA seeks to protect consumers and businesses from products with inadequate security. To achieve this, CRA imposes cybersecurity obligations on all products with digital elements (‘PDE’) commercially sold in the EU markets.
SBOM in Action: Ivanti Pulse Firmware
SBOM empowers customers to incentivize security-aware decision-making.
PLB-SBOM Or: How to Assemble SBOM for a Group of Products
CISA’s SBOM Tooling and Implementation Working Group published "Guidance on Assembling a Group of Products".
5 Key Insights from the Latest SBOM Adoption Research
Researchers from Northwave Cyber Security and TU Delft in the Netherlands have tackled the issue of SBOM adoption from a business stakeholder’s standpoint.
The 5 Most Common Problems in SBOMs
Complying with NSA SBOM Recommendations
The Interlynk platform has been designed with NSA SBOM use cases in mind, making it a comprehensive fit for all recommended capabilities.
Implementing Minimum Requirements for VEX
We break down the field mappings of the Minimum Requirements to CycloneDX VEX and OpenVEX.
FAR Cyber compliance proposal: Requirements and Implications
Department of Defense (DoD), General Services Administration (GSA), and NASA proposed a set of changes to the Federal Acquisition Regulation (FAR) to implement the requirements originating from EO14028.
SEC Cybersecurity Disclosure: Requirements and Implications
SEC sets in motion standardized reporting requirements for U.S. public companies and foreign private issuers.
All about SPDX 3.0
Interlynk summarizes key features of SPDX 3.0 and their use cases.
SBOM Compliance: FAQ
Frequently asked questions about SBOM.
sbomasm: SBOM Assembly for Software Products
Learn more about Interlynk’s free and open-source tool, sbomasm, that solves the SBOM assembly problem.
National Cybersecurity Strategy Implementation Plan & Implications
A roadmap for coordinating the efforts toward meeting strategic objectives set with the National Cybersecurity Strategy.
All about CycloneDX 1.5
The need for SBOM — Part 2
SBOM risks are associated with software of unknown composition, including:
- the risk of including components with a restrictive license
- end-of-life components, or
- components influenced by nation-state actors.
VDR, VEX, OpenVEX and CSAF
SBOM adopters proposed new standards as well as updates to existing standards to specify the status of each vulnerability alongside the SBOM itself.
SBOM-a-RAMA ’23: Key Updates
SBOM-a-RAMA was hosted by CISA with participation from FDA, NTIA in the US, European Commission from the EU, and METI from Japan.
Open Source Licenses in SBOMs
SBOMs enable organizations to identify vulnerabilities, track open-source usage, and ensure compliance with obligations.
Self-Attestation for M-22-18
CISA has rolled out the specifics of the self-attestation form for public comments.
The need for SBOM — Part 1
Transparency is the fundamental challenge in securing software with unknown composition, and SBOM, at its core, is attempting to solve this.
Towards cybersecure medical devices
FDA now requires a plan to address postmarket vulnerabilities and to have a process in place for critical vulnerabilities.
The need for software disclosures
Interlynk believes software disclosure should be easy, obvious, and automated.