In the wake of the discovery and remediation efforts surrounding the Log4shell vulnerability in the Apache library that contains Log4j, the Cybersecurity and Infrastructure Security Agency (CISA) called for efforts to push forward a software bill of materials (SBOM). Those calls were reiterated today at a Senate hearing on the vulnerability by industry witnesses involved in remediation efforts. […]

The Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force has met for the first time this calendar year, and designated work on a software bill of materials (SBOM) as one of its primary priorities for 2022, according to a Jan. 11 press release. […]

Officials from the Cybersecurity and Infrastructure Security Agency (CISA) and within the cybersecurity industry are warning of the potential for threat actors to have already exploited the Log4j vulnerability, but are waiting to pull the trigger on any planned exploits until focus on the vulnerability abates. […]

A month after its first public warnings about the Log4j vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) is continuing to work with Federal agencies and the public to mitigate potential exposure, and also renewing calls for a software bill of materials (SBOM) to aid in system visibility and inventory management. […]

The National Telecommunications and Information Administration (NTIA) is seeking feedback on what to include in its Software Bill of Materials (SBOM), as directed by President Biden’s cybersecurity executive order. […]

The House Energy and Commerce Committee’s Subcommittee on Oversight and Investigations today released a report identifying core strategies to address and prevent cybersecurity incidents. After gathering input through hearings, briefings, reports, and roundtables, the subcommittee developed six specific priorities to create stronger protections against cyberattacks. […]