Happy Thanksgiving Everyone!!! - The Interlynk Team
About us
Secure the entire software supply chain. Interlynk's #SBOM and #VEX-powered platform automates and continuously monitors first-party and vendor software supply chains and helps meet #FDA, #CRA, #GSA, and #DoD compliance obligations.
- Website
- https://www.interlynk.io
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- Menlo Park, CA
- Type
- Privately held
- Specialties
- SBOM, VEX, Compliance, Open Source Security, SPDX, and CycloneDX
Locations
- Primary: US, CA, Menlo Park, 94025
Employees at Interlynk
- Surendra Pathak
  CEO @ Interlynk - Automating SBOM | MEDevice (Santa Clara)
- René Naranjo
  Software Bill of Materials (SBOM) - B2B Lead Gen
- Sam Kavanaugh
  You Can't Fake Passion
- Vivek Kumar Sahu
  open source | working on SBOMs @ Software Supply Chain Security | OSS Contribution @Kyverno, @CNCF
Updates
-
Interlynk reposted this
Appreciate the kind words/review from the Interlynk.io team. If you're not familiar with their solutions, you should be! Want to see how well your vendor is generating an SBOM and whether it's compliant with one of the many global standards? Then check out sbomqs, the SBOM scorecard utility. https://lnkd.in/g-PUncTR Reality is that vendors will often sell you on the fact that they can create an SBOM. But what's in that SBOM? Will the format be usable by SBOM consumers? Is it compliant? Does it have the required minimum elements? This tool alone can help you answer these and many other questions. And did I mention it's free? 8-) And of course once you start down your SBOM journey and realise generating SBOMs is relatively trivial but managing the lifecycle of SBOMs is the hard part, then the team have the most comprehensive platform available with features you don't even realise you need - yet.
What we are reading at Interlynk
As the US food coma day approaches, our team can’t get enough of the Software Supply Chain. We’re diving into these books to stay sharp—and have a little fun along the way! Software Supply Chain Security by Cassie Crossley: https://a.co/d/hPORhRm Software Transparency by Chris Hughes and Tony Turner: https://a.co/d/4GiPOl8 Introduction to SBOM and VEX by Tom Alrich: https://a.co/d/iDMR31s SBOM Top Ten Tips by Nigel Hanson: https://a.co/d/2kA4SIr plus two bonus recommendations inside by Richard Seiersen, Doug Hubbard (https://a.co/d/buUFN5o), and Rick Howard (https://a.co/d/aBQXtbC)
-
Secure Software Lifecycle Guidance from BSI
Secure software and hardware are the foundation for the safe use of IT products in government, business, and society. To support this, Germany's Federal Office for Information Security (BSI) urges manufacturers to prioritize information security from the beginning and simplify secure product usage through secure default configurations. In this context, BSI released a Technical Guideline (TG) to align with the BSI IT-Grundschutz (IT Basic Protection) requirements for secure software development processes. The European Union's Cyber Resilience Act (CRA) emphasizes cybersecurity for IT products throughout their entire lifecycle. This legislation obligates manufacturers to conduct thorough risk assessments and maintain a high information security standard. TG-03185 establishes guidance to achieve that. #SBOM #TechnicalGuidance #SecureSoftwareDevelopment #BSI
-
SBOM Beyond Compliance
Are you building SBOM to meet PCI DSS, CRA, NIS2, DORA, EO14028, or other global requirements? Great! But what's the role of SBOM if your release is months away? A good SBOM program should be:
- Preventing malicious components from entering your builds
- Ensuring too-new or too-old components get approved first
- Delivering a practical patching plan instead of "upgrade everything"
- Warning you about likely concerns with compliance
Learn more by signing up for the Interlynk newsletter at: https://www.interlynk.io/ #SBOM #BuildBetterSBOM
-
Australia's Annual Cyber Threat Trends for Individuals
- ID fraud, online shopping, and banking make up over 50% of incidents
- 1 in 3 individuals had personal data breached
#Cybersecurity #AnnualReport #Australia #ASD #SupplyChainSecurity
-
Friday = SBOM Jobs Day!
Are you looking to advance your career in software supply chain security? Several leading companies hire professionals with SBOM expertise to help ensure product security and compliance with regulations like the US FDA, EU NIS2, EU DORA, US Executive Order 14028, EU Product Liability Directive (PLD), EU Cyber Resilience Act (CRA) and PCI DSS 4.0. If you're passionate about securing open-source software and third-party components, these roles offer a fantastic opportunity to be at the forefront of innovation in SBOM automation and software security. Check out the open positions and take the next step in your career!
- [Northrop Grumman] Sentinel Principal Engineer DevOps – 13068-1 & 13529 https://lnkd.in/gMXnM3iJ
- [National Life Group] Sr. Engineer, Cybersecurity (Application Security) https://lnkd.in/gRNSPeBM
- [Allison Transmission] Product Cybersecurity Engineer https://lnkd.in/gS72cxbi
- [Micron Technology] Digital Security Engineer - TPG https://lnkd.in/gWY9gQFq
- [Micron Technology] Digital Security Architect - TPG https://lnkd.in/gCPK7cbB
Good luck, and reach out to Interlynk if you need help getting started: https://lnkd.in/gikYTtSY #SBOM #Cybersecurity #SoftwareSecurity #SupplyChainSecurity #Compliance #Hiring #OpenSource
-
DORA and the Role of SBOM
65 Days to DORA - The Digital Operational Resilience Act! DORA aims to strengthen the cyber resilience of financial entities within the European Union. While the Act doesn’t explicitly mandate using an SBOM, incorporating one into the software lifecycle enables financial institutions to better manage third-party risks. SBOMs enhance compliance by improving the transparency of software components, which is essential for quickly addressing vulnerabilities.
DORA strongly emphasizes robust ICT risk management frameworks to ensure operational resilience. An SBOM supports these efforts by creating a comprehensive inventory of software components and identifying known vulnerabilities. Furthermore, DORA requires effective risk management across the entire ICT supply chain. SBOMs facilitate this by highlighting malicious, deprecated, end-of-life, or vulnerable components within the supply chain, providing a clearer view of potential risks.
The Act also mandates resilience testing and incident response capabilities. SBOMs are designed to minimize response times for zero-day vulnerabilities by tracking software components and their associated vulnerabilities. Additionally, DORA aligns with global standards like the NIS2 Directive. SBOM adoption helps bridge compliance with both frameworks, promoting unified practices while preparing organizations for other software transparency requirements, such as the Cyber Resilience Act’s SBOM mandates.
Learn about the role of SBOM with DORA and other regulations here: https://lnkd.in/gD2X5ssY
-
Less than 24 hours to MEDevice Silicon Valley
Meeting FDA cybersecurity compliance is not just about building SBOM. It is about having a program that takes on challenges like inconsistent data management, open-source monitoring, and collecting metrics to demonstrate responsible behavior throughout the product lifecycle. Meet with us during MEDevice (Nov 20-21) to learn more: https://lnkd.in/ga2F3g29 #MEDevice #SBOM #FDA #Compliance #CyberSecurity #MedTech #MedicalDevices