Anchore Expands Its Exceptional Container Security Features with BYO SBOM Support
In a notable move for software security in cloud-native environments, Anchore has recently unveiled the latest enhancement to its software composition analysis platform: support for Bring Your Own Software Bill of Materials (BYO SBOM). With this addition, Anchore builds on its established SBOM-centric approach and strengthens its position as a leading vendor for secure software supply chains.
What is SBOM and Why Does It Matter?
A Software Bill of Materials (SBOM) is gaining traction as a critical component of the software development lifecycle. It acts as a comprehensive inventory of the components that make up a piece of software. Given the increasing complexity of software applications, especially with the proliferation of open-source software (OSS), visibility into these components is essential. A recent Gartner report indicates that OSS forms 70% to 90% of any given application, yet 85% of organizations report feeling inadequately prepared to manage that complexity.
Anchore's SBOM strategy allows organizations to gain thorough insight into both internally developed and third-party components. This feature becomes particularly essential as regulatory pressures mount from laws such as the EU's Cyber Resilience Act and U.S. Cybersecurity Executive Orders, which mandate increased transparency in the software supply chain.
Key Features of Anchore SBOM
The newly launched Anchore SBOM not only emphasizes flexibility and ease of use but also provides multiple pivotal features that enhance security practices across the board:
1. Bringing Your Own SBOM: Users can import SBOMs generated by other tools in common formats such as SPDX and CycloneDX. This flexibility lets organizations analyze existing SBOMs for their components and vulnerabilities without regenerating them in Anchore.
2. SBOM Validation: Checks that uploaded SBOMs conform to the established schema standards, helping organizations assess SBOM quality and ensuring that the listed components can be scanned for vulnerabilities effectively.
3. Centralized SBOM Management: Anchore lets users store and group SBOMs logically, which simplifies management, analysis, and reporting and supports collaboration across departments.
4. Vulnerability Identification: Upon upload, Anchore identifies and reports vulnerabilities in the components listed in the SBOM, enabling faster remediation.
5. Prioritization and Triage: Anchore's scoring mechanism, which combines data points such as CVSS scores and CISA KEV data, helps prioritize vulnerabilities efficiently and significantly shortens triage times.
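The validate, scan and prioritize flow outlined in the list above, as an added illustration that is not Anchore's code: the SBOM, the vulnerability feed, the KEV set and the CVE-style ids are all constructed placeholders, and the schema check covers only a few CycloneDX JSON fields rather than the full specification.

```python
import json

# All data below is constructed for illustration; the CVE-style ids are placeholders.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"name": "widgetlib", "version": "2.3.0", "purl": "pkg:npm/widgetlib@2.3.0"},
        {"name": "parsekit", "version": "0.9.1", "purl": "pkg:pypi/parsekit@0.9.1"},
        {"name": "cryptoz", "version": "1.0.4", "purl": "pkg:maven/org.example/cryptoz@1.0.4"},
    ],
})
# Hypothetical vulnerability feed keyed by version-less purl.
FEED = {
    "pkg:npm/widgetlib": [{"id": "CVE-0000-0001", "cvss": 9.8, "affected": {"2.2.0", "2.3.0"}}],
    "pkg:pypi/parsekit": [{"id": "CVE-0000-0002", "cvss": 5.3, "affected": {"0.9.1"}},
                          {"id": "CVE-0000-0003", "cvss": 7.5, "affected": {"0.8.0"}}],
    "pkg:maven/org.example/cryptoz": [{"id": "CVE-0000-0004", "cvss": 6.1, "affected": {"1.0.4"}}],
}
KEV = {"CVE-0000-0004"}  # constructed stand-in for the CISA KEV catalogue
REQUIRED_TOP = ("bomFormat", "specVersion", "components")
REQUIRED_COMPONENT = ("name", "version", "purl")


def validate_sbom(doc):
    """Minimal schema check: return a list of problems (empty list means valid)."""
    errors = [f"missing top-level field: {k}" for k in REQUIRED_TOP if k not in doc]
    if doc.get("bomFormat") != "CycloneDX":
        errors.append("bomFormat must be 'CycloneDX'")
    for i, comp in enumerate(doc.get("components", [])):
        errors += [f"component {i} missing {k}" for k in REQUIRED_COMPONENT if k not in comp]
    return errors


def find_vulns(doc, feed):
    """Match each component against feed entries whose affected versions include its version."""
    findings = []
    for comp in doc["components"]:
        for entry in feed.get(comp["purl"].rsplit("@", 1)[0], []):
            if comp["version"] in entry["affected"]:
                findings.append({"component": comp["name"], "id": entry["id"], "cvss": entry["cvss"]})
    return findings


def triage(sbom_json, feed, kev):
    """Validate, scan, then rank: known-exploited entries first, then descending CVSS."""
    doc = json.loads(sbom_json)
    errors = validate_sbom(doc)
    if errors:
        raise ValueError("SBOM rejected: " + "; ".join(errors))
    findings = [dict(f, kev=f["id"] in kev) for f in find_vulns(doc, feed)]
    return sorted(findings, key=lambda f: (not f["kev"], -f["cvss"]))
```

A rejected SBOM raises before any scanning happens, which is the point of validating first: findings from a malformed inventory would be incomplete and misleading.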
The Importance of Security During Software Development
Neil Levine, SVP of Product at Anchore, emphasizes the significance of securing the software delivery pipeline. He states, "We know that securing the software delivery pipeline is necessary to secure the software being delivered; that's why we secure software during development, delivery, and post-deployment."
With high-profile customers such as NVIDIA, Cisco, and the U.S. Department of Defense already using Anchore’s SBOM-centric approach, it’s clear that organizations are taking the threats posed by unmanaged software seriously. The tool doesn't just analyze and manage software components; it also gives security, engineering, procurement, and legal teams the information they need to navigate increasingly complex software supply chains.
The Future of Software Security
As threats to software supply chains continue to evolve, solutions like Anchore's SBOM will be instrumental in establishing security-first development practices. With ten years of experience in the field, Anchore takes a proactive approach in an environment that increasingly demands immediate and robust security measures.
In conclusion, Anchore’s latest announcement significantly strengthens its ability to support enterprises and government agencies seeking comprehensive visibility and resilient software supply chain security. As organizations navigate these challenges, a trusted partner like Anchore could well be the key to maintaining a secure software environment in an increasingly open-source-dominated world.