The Community is now in read-only mode to prepare for the launch of the new Flexera Community. During this time, you will be unable to register, log in, or access customer resources. Click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
bkelly
By
Flexera Alumni

Flexera One users will notice the availability of a new root-level menu item, “SBOM Management.” This is the first of multiple planned steps to integrate Revenera’s SBOM capabilities with Flexera One.

Why the Software Supply Chain Matters

There’s more to modern software than meets the eye. A single software application includes various parts from multiple developers and components from third-party providers—all delivered via different systems from both inside and outside a software vendor’s organization. Net—the software applications you use throughout your enterprise are complex.

Vulnerabilities—like Log4j—do happen. Quickly knowing where you might have an issue is critical to ensuring a high level of data security.  

SBOM Insights ingests data from a wide range of sources and then unifies all internal and external SBOMs into a single, actionable view.

bkelly_0-1677515857495.png

 

bkelly_1-1677515857615.png

 

SBOM Insights for Inventory Management

With SBOM Insights, you not only have the ability to identify and record all third-party IP through a complete and accurate SBOM, but to collect your SBOM parts from multiple sources—in various industry formats—in the cloud. This method of cloud inventory management provides full visibility to all third-party components to designated users within your organization.

Building software? SBOM Insights creates transparency into the complete makeup of not just the software you use, but also what you build for both your customers and downstream supply chain partners at any time.

SBOM Insights creates an active repository—with actionable data—of what’s in ALL your applications. With everything coming from your enterprise catalogued, when the next high-profile vulnerability hits, you have the unified data at your fingertips to quickly uncover your exposure and expediently fix problems in all of the software components coming from inside and outside your organization.

Revenera SBOM Insights gives you the ability to manage security and legal risk by maintaining an actionable SBOM in the cloud.

Have questions? Reach out to @alexrybak or @kemorton for more.

(7) Comments
Big_Kev
By Level 7 Champion
Level 7 Champion

Curious, what does SBOM acronym stands for ? 

TIA

 

bkelly
By
Flexera Alumni

SBOM = Software Bill of Materials. Essentially the components that comprise any given software offering. These components within your software may have security and licensing implications. A more thorough explanation can be found here. A FAQ on SBOM Insights offers more here

alexrybak
By Revenera
Revenera

Hi All,

I am a member of Revenera’s OSPO and cybersecurity teams, and I wanted to make everyone aware that the National Cybersecurity Strategy (https://lnkd.in/gB9Su3mk) was published on March 2nd. Lots of collaboration between the public and private sector went into this strategy and it is a very significant milestone in the ultimate goal of improving the nation's cybersecurity.

Whether your organization is a software and/or a software buyer, this is worth following for future developments as new legislation follows the strategy.

Here's a few of my initial thoughts:

  • It is great to see references to the importance of SBOMs
  • Make sure your security controls are periodically assessed for conformance with emerging risks as these regulations further evolve
  • Make sure your OSPO and Cybersecurity teams are discussing alignment to mitigate potential product liability problems in the near future

For more information, please take a look at how we can help with SBOM Management at https://www.revenera.com/software-composition-analysis/products/sbom-insights.

GerdaZ
By
Level 3

@alexrybak How is it licensed? Included in Flexera One or seperate?

 

jq3i4h9u
By
Level 6

US Department of Commerce

The Minimum Elements For a Software Bill of Materials (SBOM) Pursuant to Executive Order 14028 on Improving the Nation’s Cybersecurity

https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf

alexrybak
By Revenera
Revenera

Our SBOM management solution (SBOM Insights) generates SBOMs in SPDX, CycloneDX, and human-readable formats, and is compliant with NTIA's minimum standard. It also includes licensing, copyright, associated files, and security data (via associated reports) that goes beyond the minimum standard.

alexrybak
By Revenera
Revenera

@jq3i4h9u, SBOM Insights is licensed separately from Flexera One. Please reach out to your CSM or account manager for more information.