In-depth articles on the Cyber Resilience Act, SBOM complexity and current European legislation. Featured weekly on LinkedIn — always available here in full.
A modern application often consists of 80% to 90% open-source components. What you as a developer add explicitly is just the tip of the iceberg...
Your SBOM scanner gives the green light, but a time bomb is ticking beneath the surface. Learn how 'phantom dependencies' end up invisibly in your production environment.
The notorious SolarWinds hack didn't happen through a vulnerable library, but because the factory itself was infected. Time for the 'Build SBOM'.
Generating an accurate SBOM for Java is absolute hell. An SBOM of exactly the same code can differ from one day to the next.
How does a vulnerability scanner know whether 'Library X' in your SBOM is the same as in the database? The battle between CPE and PURL explained.
The cybersecurity industry is locked in a standards war. Do you choose the ISO-certified veteran (SPDX) or the DevOps favourite (CycloneDX)?
An SBOM generated during the build is just a theoretical blueprint. What happens when applications dynamically load plugins or mutate?
Panic! The scanner finds 480 vulnerabilities. How VEX (Vulnerability Exploitability eXchange) counters alert fatigue and separates reality from noise.
The SBOM was originally devised not for hackers but for lawyers. Discover the legal pitfalls of the open-source supply chain.
How do you share an SBOM (the blueprint of your weaknesses) securely with a customer? And how do you cryptographically prove it's genuine? Sigstore is the answer.