SBOMS: BOMS for Vulnerability Tracking. Boom or Bust (A13c)
NIAP started a SBOM pilot on 1st March 2024 (Policy 30) for NIAP’s Application Software Protection Profile. The purpose of this project is the usage...
Software Composition Analysis – Gold Standard for Supply Chain Security, Revisited (A13b)
Tracking known vulnerabilities in open-source libraries as Common Vulnerabilities and Exposures (CVE), and distribution via special databases such as those hosted by MITRE, has been...
Confidential Computing and Common Criteria (A13a)
Confidential computing provides protection to data during processing, particularly for data being processed in a cloud or mobile environment. Beyond that, the definitions vary from...
Panel Discussion: Vulnerability Handling and Disclosure, Assurance Continuity Processes (A12a)
This expert discussion covers the status and outlook of vulnerability handling. Common Criteria (CC) addresses vulnerability handling through a combination of security requirements and evaluation...
SBOM the Good, the Bad, and the Ugly (A31a)
Over the past two years, we have seen numerous failings of products due to issues within their software supply chain. Unfortunately, supply chains have become...
Panel Discussion: Evolution of the Cryptographic Standards Ecosystem (M22b)
Expert discussion on the status and outlook of cryptographic standards.
Customer-Provided Entropy Provision for Virtual Machines in Hypervisor Environments (M22a)
Virtualized environments rely on high-quality entropy for generating cryptographic keys and securing sensitive data. In many cases, the entropy sources within the VM or sourced...