Want to Prevent a Cyber Attack? Prepare a Software Bill of Materials
Open Source For You | April 2023
A Software Bill of Materials (SBOM) lists all the open source and third-party components present in a codebase, and has been mandated in the US. It helps make software transparent and less vulnerable to attacks.
Vinayak R. Adkoli

Open source software security is always in the spotlight. Every time there is a cyber attack, a lot of time and effort is required not only to detect when, where and how it occurred, but also to measure its real impact on the applications and services running in digital environments. Recent cyber attacks have highlighted the general lack of knowledge about code dependencies, and the threat posed by attacks on the software supply chain.

A Software Bill of Materials (SBOM) helps organisations meet new domestic and international cyber security laws. A software supply chain describes the relationships between the various components used to build software, such as libraries and modules, which may be open source or proprietary, and free or paid.

Why are SBOMs needed?

An SBOM is a list of all the open source and third-party components present in a codebase. It also lists the licences that govern those components, the versions of the components used in the codebase, and their patch status. This helps security teams quickly identify any associated security or licence risks.

An SBOM provides a machine-readable list of a piece of software's components and their dependencies. It has become a key element of cloud security for private and government organisations, and it is estimated that 88 per cent of organisations will use SBOMs by the end of 2023.

Similarly, smart organisations that build software maintain an accurate, up-to-date SBOM, an inventory of their third-party and open source components, to ensure that their code is of high quality, compliant and secure.
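As an added example (not part of the article, and not code from any SBOM tool), here is how a security team can act on the machine-readable inventory just described: a constructed, minimal CycloneDX-style SBOM is checked against a constructed advisory list and licence policy, and its dependency graph is used to trace how a flagged transitive component is reached. The component names, advisory ids and policy are assumptions, not real data.

```python
import json

# Constructed minimal CycloneDX-style SBOM (a subset of the real schema's fields).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"bom-ref": "app", "type": "application", "name": "shop-api", "version": "2.1.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"bom-ref": "lib-a", "type": "library", "name": "fastjson-like", "version": "1.2.3",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"bom-ref": "lib-b", "type": "library", "name": "yamlparse", "version": "5.3.0",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"bom-ref": "lib-c", "type": "library", "name": "tinylog", "version": "0.9.1"},
    ],
    "dependencies": [{"ref": "app", "dependsOn": ["lib-a", "lib-b"]},
                     {"ref": "lib-a", "dependsOn": ["lib-c"]}],
})
# Constructed advisories (placeholder ids, not real CVEs): affected if version < fixed_in.
ADVISORIES = {"fastjson-like": ("ADV-PLACEHOLDER-1", "1.2.4"),
              "tinylog": ("ADV-PLACEHOLDER-2", "1.0.0")}
# Constructed licence policy: licences this hypothetical organisation does not allow.
DENIED_LICENSES = {"GPL-3.0-only"}

def parse_version(v):
    # Dotted numeric versions only, which is enough for the constructed data above.
    return tuple(int(p) for p in v.split("."))

def audit_sbom(sbom_json):
    """Return (kind, bom-ref, detail) findings: unpatched versions, denied or missing licences."""
    findings = []
    for c in json.loads(sbom_json)["components"]:
        ref, adv = c["bom-ref"], ADVISORIES.get(c["name"])
        if adv and parse_version(c["version"]) < parse_version(adv[1]):
            findings.append(("vuln", ref, f"{adv[0]}: fixed in {adv[1]}"))
        ids = {lic["license"].get("id") for lic in c.get("licenses", [])}
        if not ids:
            findings.append(("no-licence", ref, "no licence recorded"))
        if ids & DENIED_LICENSES:
            findings.append(("licence", ref, ",".join(sorted(ids & DENIED_LICENSES))))
    return findings

def paths_to(sbom_json, target, root="app"):
    """Every dependency path from root to target, so a transitive finding can be traced."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in json.loads(sbom_json).get("dependencies", [])}
    paths, stack = [], [[root]]
    while stack:
        path = stack.pop()
        if path[-1] == target:
            paths.append(path)
        stack.extend(path + [dep] for dep in graph.get(path[-1], []) if dep not in path)
    return paths
```

Running `audit_sbom(SBOM_JSON)` flags the two outdated libraries and the policy and missing-licence issues, and `paths_to(SBOM_JSON, "lib-c")` shows that the vulnerable `tinylog` is only present because `lib-a` pulls it in.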

SBOMs and cyber security

This story is from the April 2023 edition of Open Source For You.
