Overview and Introduction
Welcome to the third installment of the “Care and Feeding of SBOMs” series! Our first article, SBOM Adoption at Scale: Burden or Opportunity?, outlined the strategic importance of Software Bills of Materials (SBOMs). The second, How to Build SBOMs at Scale, dove into the practicalities of generating accurate SBOMs for your organization’s…
Industry News
Fidelity says data breach exposed personal data of 77,000 customers
Internet Archive hacked, data breach impacts 31 million users
Water supplier American Water Works says systems hacked
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
SEC Charges SolarWinds and CISO with Fraud, Internal Control Failures
SBOM Adoption Guide: Part 1 – Burden or Opportunity?
Hello World
Welcome to the “SBOM Adoption” series – a practical guide designed to navigate the evolving landscape of Software Bill of Materials (SBOM) adoption. As software supply chains grow more complex and interconnected, understanding what’s inside our software is no longer optional; it’s essential for security, compliance, and trust. Fundamentally, an SBOM provides a…
DevSecOps Roadmap Part 4: Link SBOMs with External References
This is the fourth and final post in our series on managing SBOMs at scale, where we’ll dive into the intricacies of creating, managing, and ingesting complex dependent SBOMs. If you haven’t read it yet, check out our first three posts “DevSecOps Roadmap: Do I Really Need SBOMs?”, “DevSecOps Roadmap: Generating SBOMs”, and “DevSecOps Roadmap:…
DevSecOps Roadmap Part 3: Ingest, Manage, and Monitor SBOMs
This is the third post in our series on managing SBOMs at scale, where we’ll dive into how to ingest, manage, and monitor the SBOMs that you receive. If you haven’t read them yet, check out our first two posts “DevSecOps Roadmap: Do I Really Need SBOMs?” and “DevSecOps Roadmap: Generating SBOMs”. In previous posts we…
DevSecOps Roadmap Part 2 – Generating SBOMs
This is the second post in our series on managing SBOMs at scale, where we’ll dive into defining goals around SBOM generation in order to determine which type of SBOM to generate, when and how to generate it, and where you might store SBOMs. If you haven’t read it yet, check out our first post “DevSecOps…
DevSecOps Roadmap Part 1 – Do I Really Need SBOMs?
This is the first post in our series on SBOMs, where we’ll dive into: Much of this series will focus on high-level processes and ideal practices, and less so on the actual implementation details, so if you’re looking for those, check out the last post in the series here. If you need a refresher on…
Securing NonprofitTech: Protecting the Digital Tools Powering Good Causes
Nonprofits exist to change the world. Whether you’re tackling hunger, providing essential care, or working on countless other missions, the work you do matters. But your impact is also what makes you a prime target for exploitation. You may not have the deep pockets of big corporations, but you do have something hackers want: data…
How SOOS Helps Companies in the InsurTech Industry
The insurance technology industry, also known as InsurTech, relies on software to power digital insurance platforms, process claims, manage policyholder data, and detect fraud. As insurers embrace digital technologies like automation, cloud computing, and AI-driven risk assessment, they also face growing cybersecurity threats, regulatory scrutiny, and vulnerabilities introduced by third-party software components. Addressing these risks…
The Importance of Software Security in the MedTech Industry
The MedTech industry depends on software to power life-saving devices, manage patient data, and improve healthcare access and efficiency. From diagnostic tools to wearable health devices to telehealth platforms, medical software applications are central to the functioning of modern healthcare systems. However, as reliance on software grows, so do cybersecurity threats, regulatory challenges, and the…
PCI DSS Overview and Compliance Checklist
The Payment Card Industry Data Security Standard (PCI DSS) is designed to protect credit cardholder data and ensure businesses handling payment information maintain secure environments. Compliance is essential for preventing data breaches, avoiding regulatory fines, and maintaining customer trust. Organizations processing, storing, or transmitting cardholder data must adhere to PCI DSS, regardless of whether they…