SOOS’s new Community Edition is a totally free version of our software composition analysis (SCA) tool available to educational users and all developers working on open source projects. That’s FREE, as in beer. Free Vulnerability Scanner Now you can access the most practical and effective supply chain security tool available, at no cost. Identify and…
Continue ReadingIndustry News
Fidelity says data breach exposed personal data of 77,000 customers
Internet Archive hacked, data breach impacts 31 million users
Water supplier American Water Works says systems hacked
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
SEC Charges SolarWinds and CISO with Fraud, Internal Control Failures
What is Software Composition Analysis?
Software is only as safe as the code used to build it. Today, more than 90% of all new software is built using open source code, which can contain unknown risks and dependencies. Software Composition Analysis is a critical tool in reducing risks with third party packages. SOOS’s Software Composition Analysis (SCA) tools mitigate this…
Continue ReadingSOOS Year in Review
We’ve had an exciting year at SOOS. We want to thank all of our customers for a great 2022, and an even better 2023!
Continue ReadingSBOM 101: What is an SBOM? Why are they important?
SBOM stands for “software bill of materials.” At its most simplistic level, an SBOM is a list of “ingredients” that describes the components in a software application. More precisely (per the NTIA), a SBOM is a “complete, formally structured list of components, libraries and modules that are required to build a given piece of software…
Continue ReadingSBOMs to Be Required for Software Developers Who Do Business with the Federal Government
In May of 2021, the Biden Administration issued a new and aggressive mandate to all government agencies to ratchet up cybersecurity. As a result, we can expect to see an SBOM requirement for all software developers doing business with the Federal Government. EO 14028, The Executive Order Improving the Nation’s Cybersecurity, is a broad and…
Continue ReadingThe Executive Order on Improving the Nation’s Cybersecurity is a Game-Changer. Get Ready.
On May 12, 2021, President Biden issued the “Executive Order on Improving the Nation’s Cybersecurity (14028).” It’s a game-changing piece of legislation. And, like a lot of federal policy, it’s dense and hard to read, often raising as many questions as it answers. This order is frequently referred to as the Executive Order on Cybersecurity….
Continue ReadingZAP vs. SOOS: Dynamic Application Security Testing Tool Comparison
OWASP’s ZAP is a free, open-source DAST scanner widely used by security professionals around the world to find web application vulnerabilities. SOOS’s DAST scanning abilities are built on ZAP’s foundations, but with added features that makes automated DAST scanning an affordable and seamless part of your software development cycle. SOOS makes it easy to add DAST to the…
Continue ReadingSOOS Partners with RKVST
It’s been a year since US President Joe Biden issued Executive Order 14028, “Improving the Nation’s Cybersecurity”, published after the SolarWinds attack (one of the worst data breaches in the last decade). The executive order provides a set of requirements as well as a timeline for strengthening the security of the apps built and used by…
Continue ReadingSOOS Joins The DigitalOcean Wave
DigitalOcean is a cloud computing platform that makes it easy for developers, startups, and SMBs to build and deploy applications at scale. The large tech titans (Amazon, Google, Microsoft) dominate the enterprise market, but DigitalOcean has found its mission and market niche by focusing on the needs of SMBs. DigitalOcean’s platform is known for its simplicity,…
Continue ReadingTop 5 Vulnerabilities in Software Development
Virtually all software development has some security risk, whether it is a result of insufficient testing, ignoring best practices, using open-source code with known vulnerabilities, or any combination of poor techniques. Unfortunately, these flaws persist and show up with increasing frequency in applications and operating systems every day. The goal of software professionals everywhere is…
Continue Reading