New National Cybersecurity Strategy Will Require Compliance, Collaboration

The Biden administration’s recently released National Cybersecurity Strategy goes beyond the executive order it issued in 2021, which defined security measures any organization doing business with the federal government must follow. As our white paper details, the strategy shifts cybersecurity liability “away from individuals, small businesses, and local governments, and ...

Beyond SolarWinds: 6 More Notable Software Supply Chain Attacks

SolarWinds has become almost a household name and for all the wrong reasons: beginning in 2019, the system management company was the target of one of the largest software supply chain attacks in history. Software supply chain attacks are especially insidious because they target organizations by going after their third-party ...

Get to Know KEV In Our New Research Report

Do you know KEV? You should, because hackers do! Rezilion’s research team just released a new report, which highlights the critical importance of Known Exploited Vulnerabilities (KEV). Specifically, our research uncovers that although KEV catalog vulnerabilities are frequent targets of APT Groups, many organizations are still exposed and at risk ...

New Research Reveals Millions of Systems Remain Exposed to Known Exploited Vulnerabilities

BE’ER SHEVA, Israel — Rezilion announced today the release of the company’s new research, titled “Do you know KEV? You should (because hackers do)!” The report finds that although KEV catalog vulnerabilities are frequent targets of APT Groups, a large and exploitable attack surface remains due to software vendors’ lack ...

SCA and CI/CD: The Most Delicious Alphabet Soup

In the continuous integration (CI)/continuous delivery (CD) pipeline, one of the key ingredients to add to the pot is software composition analysis (SCA), an automated process that identifies the open source software in a codebase. We know that app development teams are under pressure to deliver releases with new features ...

What Will it Take to Establish a Ground Truth for SBOMs?

A Software Bill of Materials – also known as an SBOM – has emerged as another effective tool in the arsenal as organizations look to secure their supply chains. But there is currently a lack of standardization for SBOMs, making it challenging to establish a ground truth. Use of SBOMs ...

What’s in an SBOM?

More and more organizations are deploying a software bill of materials (SBOM) to identify and track the various components of the software products they develop or use. The goals of using an SBOM might include a desire to enhance software security, comply with U.S. federal government mandates, improve the software supply ...

Why an SBOM is Essential for Software Compliance

A software bill of materials (SBOM) can be a powerful tool for enhancing security through improved vulnerability management. It can also help organizations meet their software licensing compliance requirements—no small consideration given how much software a typical organization uses. License management “was an early use case for SBOM, helping organizations ...

How To Align Your SBOM with the US Government Executive Order

One of the requirements of Executive Order 14028, issued in May 2021 and designed to improve the nation’s cybersecurity, is that software producers who supply the federal government provide a software bill of materials (SBOM) for each product. An SBOM is a formal record containing the details and supply chain ...

SBOM Problems and Inaccuracies Can Hamper Usability

Overcoming SBOM problems can be challenging. But the value of an SBOM – also known as a Software Bill of Materials – is generally undisputed: they provide much-needed visibility into the details of open source and proprietary software components and the supply chain. Their intent is to give developers, buyers, ...