The Critical Role of Scanning Depth and SBOMs

12.12.2024

Dr. Andreas Kotulla

SBOM

Navigating Open-Source-Compliance in 2024: The Critical Role of Scanning Depth and SBOMs In the evolving landscape of cybersecurity and software compliance, the importance of open source compliance cannot be overstated. New regulatory requirements like the Cyber Resilience Act (CRA), the Network and Information Security Directive (NIS2), and the Digital Operational Resilience Act (DORA) have introduced stricter obligations for organizations, especially

Immersive open source compliance visualization

13.11.2024

Leoni Tischer

SBOM

Imagine you could search through every single component of your software like a map – identify risks at a glance, track down hidden dependencies and effortlessly expose vulnerabilities. This is exactly what a software bill of materials (SBOM) makes possible! This article explains why this “list of ingredients” is indispensable for modern software projects today, especially as open source now

Digital Operational Resilience Act (DORA): Comprehensive checklist for companies

04.09.2024

Amy Jaqueline Wittmann

SBOM

Ms. Wittmann is a lawyer in Munich and a partner at Bitsea. To enhance digital operational resilience, the European Commission has introduced the Digital Operational Resilience Act (Regulation (EU) 2022/2554 – “DORA”) as part of its Digital Finance Package 2020. Currently, regulations on digital resilience are scattered across various sector-specific EU laws and guidelines (e.g., MiFID II, CRD, PSD2, Guidelines

Bisquat2: What is hiding there?

23.07.2024

Leoni Tischer

SBOM

Today, we are shedding light on a topic that is still all too readily overlooked as the “little sister of programming”. What hardly anyone cared about 20 years ago is to be placed under state control in the immediate future! As we now know, a major focus of Bitsea is checking for hidden risks in software. Many people typically first

The Cyber Resilience Act (CRA) and the Management of Open Source

09.07.2024

Dr. Andreas Kotulla

SBOM

Open source is everywhere: Hardly any product today can do without digital components, from electric toothbrushes and baby monitors to smartwatches. Less obvious to many users is the security risk that such products pose for the end users. The new European Cyber Resilience Act (CRA) aims to ensure that consumers receive secure products. The regulation was announced in the EU

Quickstart: NIS2-Directive

14.05.2024

Roman Yankin

SBOM

What is the NIS2 Directive? The NIS2 Directive, or the Directive on Security of Network and Information Systems, is a European Union (EU) directive that aims to enhance the overall cybersecurity and resilience of network and information systems across various critical sectors. NIS stands for Network and Information Systems. The directive was initially adopted in 2016 and became effective in

Quickstart: CRA (Cyber Resilience Act)

05.04.2024

Roman Yankin

SBOM

What is the Cyber Resilience Act? The European Cyber Resilience Act (CRA) aims to set the boundary conditions for the development of secure products with digital elements by ensuring that hardware and software products are placed on the market with fewer vulnerabilities and that manufacturers take security seriously throughout a product’s life cycle. It was introduced by the European Parliament in

Open Source Compliance? But more efficient, please!

22.09.2023

Dr. Andreas Kotulla

SBOM

Open Source Software (OSS) is everywhere and has become indispensable for modern software development. A typical software product today often contains more than 90% open source. The use of OSS has continued to skyrocket in recent years for a variety of reasons. Alarmed by spectacular cyberattacks on the software supply chain, the USA has issued regulations such as the “Executive

Level Up Your Security Game with VDR and VEX Reports

25.05.2023

Kendra Morton

SBOM

When we talk about security related to the software supply chain and third-party software management, it’s key that the tools you use provide detailed reports on the known and unknown vulnerabilities inside applications along with the level of exploitability of those vulnerable components. Absent that, all you have is a listing of SBOM parts without much to act on. Typically,

SBOMs: It’s All About Transparency into the Complexity of Your Software

15.11.2022

Dr. Andreas Kotulla

SBOM

In this article Kendra Morton, Product Marketing Team Leader at Revenera, discusses how the software industry relies on open source software. She observes that most applications are a mix of proprietary code, third-party and open source software. Morton describes the acceleration of the production process and the rise of software complexity. Morton identifies some challenges like the increase