
Rezilion

Securing a Windows Development Environment

For many development organizations, Microsoft Windows remains the dominant operating platform. Therefore, ensuring the security of these systems needs to be a high priority for security leaders and teams, and a Windows security guide can help. This is particularly true with the growing use of DevSecOps, a model in which security is accounted for at every stage of the software development lifecycle (SDLC).

5 Tips to Secure a Windows Environment

Because Microsoft Windows is such a key component of so many enterprise and development environments, securing the platform is vital for ensuring efficient and secure software delivery. This can be a challenging process for many organizations. While many tools exist for organizations to manage vulnerabilities in their software, the vast majority of these were initially built for use with Linux OS, resulting in gaps in functionality when they’re used for Windows.

Rezilion's Dynamic SBOM: Now Supporting Windows

Today we’re excited to share that we’re expanding our Dynamic Software Bill of Materials (Dynamic SBOM) service to support Windows environments. In May of 2021, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity. The objective of the order is to enhance the US government’s defenses in the wake of several high-profile breaches, including those that impacted SolarWinds and Kaseya.

What You Need to Know About SBOM Generation Tools

When it comes to tools for generating a software bill of materials (SBOM), organizations basically have three options: use a software composition analysis (SCA) product, deploy an open source command-line interface (CLI) tool, or embrace new technology to find an altogether new solution. Whichever option an organization chooses can have a significant impact on its software security.

Clearing the Fog Over the New OpenSSL Vulnerabilities

Tension has been building since last week (October 25th), when the OpenSSL project team announced a security fix for a CRITICAL vulnerability in OpenSSL versions 3.x, until today (November), when the information regarding the vulnerability was made public. In the official security advisory released today by the OpenSSL project team, two different vulnerabilities were announced, neither of which is critical: CVE-2022-3602 and CVE-2022-3786.

Launching a Vulnerability Management Program

Launching a vulnerability management program requires a few methodical steps. When President Biden’s executive order shone a light on the need to modernize and strengthen cybersecurity at the federal level, that arguably lit a fire under private sector organizations to execute a vulnerability management program. No one denies the importance of a vulnerability management program to establish processes and controls to identify and remediate known vulnerabilities before they are exploited.

Rezilion Vulnerability Scanner Benchmark Report Finds Top Scanners Only 73% Accurate

Rezilion announced today the release of the company's Vulnerability Benchmark Report, which provides visibility into the inaccuracies and noise that are created by the market's most popular commercial and open-source scanning technologies.

Is Your Vulnerability Scanner Giving You Reliable Results?

In a software-driven world, the number of newly discovered software vulnerabilities is constantly on the rise globally. Organizations rely on vulnerability scanners and Software Composition Analysis (SCA) tools to detect vulnerabilities in their software. But new research from Rezilion finds that relying on vulnerability scanners does not guarantee reliable results. In fact, our tests found mediocre accuracy in today’s most popular commercial and open-source scanning technologies.