Parasoft announces the opening of its new office in Northeast Ohio.
Lineaje announced SBOM360 Hub, a software bill of materials (SBOM) repository.
With SBOM360 Hub, software suppliers to US agencies and software consumers at federal agencies can meet Executive Order 14028 requirements by accurately populating the Secure Software Development Attestation Form, streamlining compliance requirements, and providing a confidence for participating parties.
With SBOM360 Hub organizations can manage their software distribution chain with a unified platform that enables frictionless sales between the producers and consumers of software.
Features include:
- Software Producers and Sellers can now create and publish approved, attested, assessed, compliant SBOMs, self-attestation forms and related artifacts from for their products, map them to SKUs they sell and share privately with their customers and distribution chain in minutes.
- Software Distributors and Resellers can request SBOMs and related artifacts from their vendors, make available to their n-tier distribution, and share with their customers, using a single click.
- Software Consumers can simply subscribe to SBOM360 Hub, and search and request access to specific vendor SBOMs and related artifacts in one place. They can also communicate directly with their vendors to request all SBOMs and related artifacts needed for evaluation, purchase, and compliance.
- Automated Updates as software changes, new versions are released or new vulnerabilities in the software become known.
- Comprehensive security profiles of all open source dependencies of these commercial products that are located within seconds
- Identify Trends in the security profile of each software component enabling better roadmap planning and collaboration across the software distribution chain.
Industry News
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
Nokod Security announced the general availability of the Nokod Security Platform.
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.