TEL AVIV, Israel and BOSTON, Nov. 9, 2021 /PRNewswire/ — In an effort to help developers meet new governmental regulations for protecting the software supply chain, WhiteSource, the leader in open source security and management, today released WhiteSource SBOM, a new tool that quickly and easily creates a software bill of materials (SBOM) and uniquely provides a path to remediation when vulnerabilities are identified.
The software supply chain has come under increasing scrutiny since the SolarWinds attack in late 2020, which exposed data from more than 18,000 companies and governmental agencies. In response, the White House issued an executive order that aims to improve the nation’s cybersecurity in order to protect governmental agencies and vital infrastructure from software supply chain attacks. A key part of those efforts is the need for all software to contain SBOMs, a formal, machine-readable inventory of software components and dependencies used to track their supply chain relationships, dependencies, and hierarchical relationships.
WhiteSource SBOM identifies open source libraries, tracks and documents components, and automatically updates when changes are made, providing deep inspection and insight that make it possible to identify unintentional or malicious content being installed during application builds. When vulnerabilities are identified, WhiteSource SBOM provides a path to remediation that ensures updates won’t break the build.
“Attacks against the software supply chain increased more than 600 percent in the past year, and in two-thirds of those attacks, cyberattackers used code from suppliers to expand the attack,” said Rami Sass, Co-Founder and CEO of WhiteSource. “Organizations can now leverage WhiteSource SBOM to detect and remediate vulnerabilities, significantly reducing the risk of successful attacks.”
To learn more about WhiteSource SBOM and create a trial SBOM, visit https://www.whitesourcesoftware.com/sbom
WhiteSource helps organizations accelerate the development of secure software at scale. We provide automated tools that help bridge the security knowledge gap, integrating easily into the software development life cycle, and going beyond detection with a remediation-first approach. WhiteSource is built on the most comprehensive vulnerability database in the industry, providing the widest coverage for threats and attack vectors. Our solution helps enterprises like Microsoft, IBM, Comcast, Philips, and many more reduce security risk and increase the productivity of their security and development teams. For more information, visit www.whitesourcesoftware.com.