all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

An Open Source Maintainer’s Best Practice: How to Use SBOMs to Root Out Project Vulnerabilities

Add to bookmarks
Oct. 25, 2022, 8:25 p.m. | alinskens@sonatype.com (Aaron Linskens)

Sonatype Blog blog.sonatype.com




Sonatype has partnered with the Cloud Native Computing Foundation (CNCF) for Security Slam, an event to help improve the security of open source projects. To extend the value of this event, we created a series of blog posts on best practices for open source maintainers.


Here in the second post of our series, we explore how your project can benefit from the use of a software bill of materials (SBOM).


best practice devzone events and webinars open source open source best practices practice project root vulnerabilities

Visit resource

More from blog.sonatype.com / Sonatype Blog

DevOps pioneers navigate organizational transformation 14 hours ago | blog.sonatype.com
depth devops devops transformation download +13
Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens' 2 days, 16 hours ago | blog.sonatype.com
cases dependency dependency confusion flood +19
The essential duo of SCA and SBOM management 6 days, 17 hours ago | blog.sonatype.com
application application security attacks duo +16
Automating and maintaining SBOMs 1 week, 6 days ago | blog.sonatype.com
artifact automation bill components +11
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma 2 weeks, 3 days ago | blog.sonatype.com
attack attacks backdoor bank +26
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and libzma 2 weeks, 3 days ago | blog.sonatype.com
attack attacks backdoor bank +26
SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern 2 weeks, 6 days ago | blog.sonatype.com
apache cyclonedx devzone experience +14
Cyber readiness and SBOMs 3 weeks, 2 days ago | blog.sonatype.com
academic academic research advanced bills +22
Open source ML/AI models: attackers' next target 3 weeks, 6 days ago | blog.sonatype.com
ai models apps art attackers +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Dir-Information Security - Cyber Analytics

@ Marriott International | Bethesda, MD, United States
View on infosec-jobs.com

Security Engineer - Security Operations

@ TravelPerk | Barcelona, Barcelona, Spain
View on infosec-jobs.com

Information Security Mgmt- Risk Assessor

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
View on infosec-jobs.com

SAP CO Consultant

@ Atos | Istanbul, TR
View on infosec-jobs.com
View more jobs