Latest news with #SBOM


Business Standard
a day ago
Sonatype Expands Global Operations With New India Innovation Center
NewsVoir Hyderabad (Telangana) [India], June 19: Sonatype®, the end-to-end software supply chain security company, has announced the opening of a new Innovation Center in Hyderabad, India -- a key step in its strategy to scale global, AI-driven software development. The center will support continuous innovation and strengthen Sonatype's mission to secure modern software built on open source and AI-generated code.

With this expansion, Sonatype will continue its legacy of innovation, including the creation of Nexus Repository -- trusted by over 15 million developers -- and safeguarding Maven Central, the largest open source Java repository in the world. As open source and AI-generated components now make up over 80% of modern code, Sonatype's comprehensive platform uniquely protects the entire software development lifecycle from emerging threats.

"India is home to one of the largest open source and AI adoption communities in the world. By expanding to Hyderabad, we are building closer connections to the region's AI-first innovation hubs, while reaffirming our long-term commitment to scaling responsibly and sustainably," said Mitchell Johnson, Chief Product Development Officer at Sonatype. "With access to India's top-tier talent, we're extending our ability to better support a new generation of forward-thinking customers and partners, with greater speed, resilience, and impact."

Sonatype's Hyderabad Innovation Center will house over 200 engineers, product leaders, security researchers, and AI experts, working in a culture rooted in openness, ownership, and innovation. The center will accelerate product development, strengthen AI capabilities, and enable 24/7 global support.

Leading Sonatype's strategy and growth in India is Abhishek Chauhan, newly appointed Head of India and Senior Director of Technology, who brings deep software security expertise from roles at Lending Tree and Wells Fargo.

"From Maven Central and Nexus Repository to patented AI-driven technology, Sonatype has always been on the frontier of innovation," said Abhishek Chauhan, Head of India and Senior Director of Technology. "I'm excited to be joining at such a pivotal moment in the company's journey and lead the team in India. With this new center, we're investing not just in technology, but in the next generation of engineering talent that will define the future of secure software."

Sonatype has been a trusted industry leader for more than two decades helping to shape global regulations and industry standards for secure software development and is a founding member of the Open Source Security Foundation (OpenSSF), a Linux Foundation project.

Today, organizations in India are adapting to evolving frameworks -- including CERT-IN guidelines, SBOM compliance, and the SEBI Cyber Resilience Framework. Sonatype is committed to serving as a guiding and educational partner, providing resources and tools to protect the software that underpins modern critical infrastructure.

Sonatype is headquartered in Fulton, Maryland with global offices in the United Kingdom, Australia, Colombia, and now HITEC City, Hyderabad. For more information about the Sonatype India Innovation Center, visit

Sonatype is the software supply chain security company. We provide the world's best end-to-end software supply chain security solution, combining the only proactive protection against malicious open source, the only enterprise grade SBOM management and the leading open source dependency management platform. This empowers enterprises to create and maintain secure, quality, and innovative software at scale.

As founders of Nexus Repository and stewards of Maven Central, the world's largest repository of Java open-source software, we are software pioneers and our open source expertise is unmatched. We empower innovation with an unparalleled commitment to build faster, safer software and harness AI and data intelligence to mitigate risk, maximize efficiencies, and drive powerful software development. More than 2,000 organizations, including 70% of the Fortune 100 and 15 million software developers, rely on Sonatype to optimize their software supply chains. To learn more about Sonatype, please visit

Fashion Value Chain
2 days ago
Sonatype Expands Global Operations With New India Innovation Center


Business Wire
2 days ago
VulnCheck Integrates with ServiceNow to Advance Vulnerability Management
LEXINGTON, Mass.--(BUSINESS WIRE)-- VulnCheck, the exploit intelligence company, today announced the launch of VulnCheck for Vulnerability Response and VulnCheck for SBOM Response, certified ServiceNow integrations available today in the ServiceNow Store. Both new VulnCheck apps help customers minimize exploit risk with unmatched visibility and centralized oversight of the vulnerability management and supply chain lifecycles.

VulnCheck for Vulnerability Response enables enhanced, organization-wide vulnerability and exploit management to power response workflows within ServiceNow instances.

VulnCheck for SBOM Response helps teams defend against software supply chain attacks that introduce open source software risk. The module embeds real-time, prioritizing exploit intelligence directly into Software Bill of Materials (SBOMs) to manage incident response workflows with speed and precision. Unlike conventional vulnerability feeds that rely on static risk scores, VulnCheck provides dynamic insights—such as Known Exploited Vulnerabilities (KEVs), proof-of-concept exploits, and weaponization details—enabling security teams to rapidly pinpoint and remediate threats within third-party and open-source components.

With these integrations, organizations are empowered to rapidly identify and remediate vulnerabilities in third-party and internal software components, significantly reducing risk exposure, accelerating incident response, and ensuring regulatory compliance.

Key benefits of VulnCheck for SBOM Response include:

- Automated Vulnerability Identification: Seamless ingestion and enrichment of SBOM data with VulnCheck's extensive vulnerability database, offering real-time visibility into software supply chain risks.
- Prioritized Threat Intelligence: Focused remediation efforts driven by exploit-centric intelligence that highlights vulnerabilities under active attack, reducing false positives and noise.
- Streamlined Incident Response: Direct integration with ServiceNow workflows automates ticket creation and remediation tracking, accelerating response times and improving resource allocation.
- Continuous Monitoring & Compliance: Ongoing SBOM hygiene and vulnerability monitoring supports compliance with Executive Order 14028 and other regulatory frameworks.
- Enterprise-Grade Collaboration: Enhanced visibility and centralized oversight within ServiceNow facilitate cross-team collaboration between security, IT, and DevOps.

Key benefits of VulnCheck for Vulnerability Response include:

- Dynamic Vulnerability Enrichment: Fetch and enrich vulnerabilities from the VulnCheck platform with exploit intelligence, populating ServiceNow tables automatically.
- Flexible Configuration: Customized authentication, filtering, and integration settings to suit enterprise needs.
- Efficient Data Management: Run daily or on-demand integrations to keep vulnerability and exploit data current.
- Focused Remediation: Enrich specific vulnerabilities or sets by ID for targeted action.
- Centralized Exposure Assessment: Create vulnerable item details and streamline incident response.

'With VulnCheck's real-time exploit intelligence now embedded directly into ServiceNow, organizations can act on the most critical threats faster than ever before,' said Anthony Bettini, CEO and Founder of VulnCheck. 'Our solution continuously delivers actionable, prioritized intelligence so security teams can focus on what matters most. These integrations not only streamline workflows but fundamentally advance how enterprises manage security risks to improve their overall defense posture.'

VulnCheck delivers the most comprehensive, real-time exploit and vulnerability intelligence, autonomously collected at the time of disclosure. VulnCheck sources data from nearly 500 channels and over 400 million records across all CVEs. The platform refreshes its feed every eight hours and provides data output in machine-readable formats. Designed for seamless integration into security workflows and products, VulnCheck enables product, security, and response teams to track, prioritize, and remediate the most critical vulnerabilities before attackers strike.

VulnCheck for SBOM Response and VulnCheck for Vulnerability Response are now available on the ServiceNow Store, enabling organizations to harness the power of real-time vulnerability intelligence within their existing IT and security workflows without disruption. For more information about VulnCheck and its intelligence services, visit

About VulnCheck

VulnCheck is the exploit intelligence company helping enterprises, government organizations, and cybersecurity vendors solve the vulnerability prioritization challenge. Trusted by some of the world's largest organizations responsible for protecting hundreds of millions of systems and people, VulnCheck helps organizations outpace adversaries by providing the most comprehensive, real-time vulnerability intelligence that is autonomously correlated with unique, proprietary exploit and threat intelligence. Follow the company on LinkedIn or X. To learn more about VulnCheck, visit

Yahoo
3 days ago
Cybeats Views EU Adoption of Cyber-Crisis Blueprints as Market Inflection Point
Toronto, Ontario--(Newsfile Corp. - June 18, 2025) - Cybeats Technologies Corp. (CSE: CYBT) (OTCQB: CYBCF) ("Cybeats" or the "Company"), a leading provider of software supply-chain security, commends the European Union Agency for Cybersecurity's (ENISA) formal adoption of the EU Cyber-Crisis Management Blueprint (the "Blueprint"). The formal adoption, which includes mandatory SBOM data exchange across national borders, represents a seismic shift in global software supply chain security. For Cybeats, it opens a unified, operationally enforced market for its platform across 27 countries.[1]

This new Blueprint contains a continent-wide framework that requires Member States to exchange security incident data via machine-readable artefacts, most notably Software Bills of Materials ("SBOMs"), during all stages of a cyber-incident lifecycle.

"Europe is transforming SBOM from a best practice into an enforceable legal requirement," said Justin Leger, CEO of Cybeats. "Regulatory agencies, national governments, and industry giants are all arriving at the same answer: SBOMs are essential. Cybeats is the solution designed specifically to turn that requirement into operational value."

The announcement follows DIGITALEUROPE's June 2025 cyber recommendations[2], urging for the creation of a single reporting portal, and calling for mutual recognition of NIS2 audits across Member States, and proposing a 12-month transition before CRA essentials like SBOM generation become mandatory.[3] The Blueprint adds the critical "operations layer" to the Cyber Resilience Act by specifying how SBOM data will flow between national authorities, ENISA and industry, accelerating coordinated responses to supply-chain attacks.

SBOMs are becoming unavoidable across the EU, with regulations like CRA, NIS2, and the new Blueprint mandating them as digital compliance proof in procurement by 2026-27. However, SBOMs are more than compliance checkboxes: the Blueprint repositions them as real-time data tools for security response, boosting demand for continuous analytics platforms like Cybeats. Meanwhile, Digital Europe's proposed self-assessment and single EU portal make early compliance easier, accelerating adoption by thousands of smaller suppliers.

Cybeats SBOM Studio addresses Europe's new SBOM rules via:

- Supports SPDX, CycloneDX 1.5+, and VEX formats for EU compliance.
- Automated APIs for SBOM and vulnerability submission to future ENISA portals.
- Aligns with CRA, NIS2, and Blueprint operational workflows.

The Company announces that Chris Malkhassian has resigned from the Board of Directors of the Company, effective May 22, 2025. The Company thanks Mr. Malkhassian for his contributions, and wishes him all the best in his future endeavours.

The Company intends to issue 181,048 common shares in a debt settlement of $22,631, at a deemed price of $0.125 per share.

About Cybeats Technologies Corp.

Cybeats Technologies Corp. (CSE: CYBT) (OTCQB: CYBCF) is a cybersecurity company providing Software Bill of Material (SBOM) management and software supply chain intelligence technology, helping organizations to manage risk, meet compliance requirements, and secure their software from procurement to development and operation. Cybeats platform gives customers comprehensive visibility and transparency into their software supply chain, enabling them to improve operational efficiency, increase revenue, and align organizations with current and future regulations. Cybeats. Software Made Certain.

Website:

Contact:

Justin Leger, CEO
Phone: 1-888-713-SBOM (7266)
Email: ir@

Sean Peasgood, Investor Relations
Phone: (905) 667-6761
Email: Sean@

Forward-looking Information Cautionary Statement

Except for statements of historic fact, this news release contains certain "forward-looking information" within the meaning of applicable securities law. Forward-looking information is frequently characterized by words such as "plan", "expect", "project", "intend", "believe", "anticipate", "estimate" and other similar words, or statements that certain events or conditions "may" or "will" occur. In particular, this news release contains forward-looking information relating to, among other things, the Company's expectations with respect to the use of proceeds and the use of the available funds following completion of the Offering, and the completion of the Offering. Forward-looking statements are based on the opinions and estimates at the date the statements are made and are subject to a variety of risks and uncertainties and other factors that could cause actual events or results to differ materially from those anticipated in the forward-looking statements including, but not limited to delays or uncertainties with regulatory approvals, including that of the CSE. There are uncertainties inherent in forward-looking information, including factors beyond the Company's control. There are no assurances that the commercialization plans for the products described in this news release will come into effect on the terms or time frame described herein. The Company undertakes no obligation to update forward-looking information if circumstances or management's estimates or opinions should change except as required by law. The reader is cautioned not to place undue reliance on forward-looking statements. Company filings are available under the Company's SEDAR+ profile at

To view the source version of this press release, please visit

Associated Press
03-06-2025
BlueVoyant Unveils New SBOM Capabilities as Part of Its Leading Third-Party Cyber Risk Management Solution
BlueVoyant's new Software Bill of Materials (SBOM) management offering, powered by SBOM leader Manifest, enables organizations to efficiently analyze and reduce third-party risks from commercial software

NEW YORK, June 3, 2025 /PRNewswire/ -- BlueVoyant, the leader in integrated cybersecurity, today launched its Software Bill of Materials (SBOM) management offering, which helps organizations reduce risk related to software by automating the ingestion, analysis, and tracking of software component information from third-party software vendors. The latest advancements enhance Supply Chain Defense, BlueVoyant's next-generation third-party cyber risk management solution that continuously monitors suppliers, vendors, and other third parties, and then works with them to quickly remediate threats. BlueVoyant's SBOM solution is powered through a partnership with Manifest, a cybersecurity company that specializes in securing software supply chains for corporate and government entities.

More than 85% of applications contain at least one software vulnerability, according to the Open Source Software Risk Analysis (OSSRA) Report. Yet, many organizations lack visibility into software design or an efficient way to assess and manage third-party SBOM information, which can leave them open to breaches, business interruption, and regulatory compliance issues. As a result, organizations are looking for solutions. By leveraging the BlueVoyant-Manifest SBOM solution, security teams can proactively gain deep insights into software risk exposure and other dependencies that their businesses may rely on.

'By combining Manifest's depth of experience in SBOM with BlueVoyant's holistic Supply Chain Defense, clients get continuous monitoring and remediation to solve their biggest third-party cybersecurity challenges,' said Marc Frankel, CEO and co-founder of Manifest.

The key benefits to utilizing SBOM for third-party risk are:

'Organizations in the private and public sectors are realizing that SBOM visibility is a crucial part of a proactive third-party cyber risk management program,' said Joel Molinoff, global head of Supply Chain Defense at BlueVoyant. 'By enhancing BlueVoyant's Supply Chain Defense with Manifest's SBOM capabilities, our clients are expanding their risk visibility deeper into the software supply chain and ensuring continuous monitoring and remediation of critical threats.'

BlueVoyant's Supply Chain Defense has garnered multiple industry awards. This year it was named a winner in the Cybersecurity Excellence Awards for Supply Chain and a finalist in the SC Awards for Best Supply Chain Security. Additionally, BlueVoyant was recognized in the 2025 Gartner® Market Guide for Third-Party Risk Management Technology Solutions published May 2025 by Antonia Donaldson, Luke Ellery, et al.

Supply Chain Defense is part of the BlueVoyant Cyber Defense Platform, which provides holistic cyber defense by helping clients to detect, investigate, and mitigate threats from internal, external, and third-party ecosystems in one cloud-native platform.

Find more information about BlueVoyant's SBOM solution here.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About BlueVoyant

BlueVoyant delivers a comprehensive cloud-native security operations platform that provides real-time threat monitoring for networks, endpoints, and supply chains, extending to the clear, deep, and dark web. The platform integrates advanced AI technology with expert human insight to offer extensive protection and swift threat mitigation, ensuring enterprise cybersecurity. Trusted by more than 1,000 clients globally, and the 2024 Microsoft Worldwide Security Partner of the Year, BlueVoyant sets the standard for modern cyber defense solutions.

BlueVoyant Press Contact: Jennifer Schlesinger [email protected]

About Manifest

Manifest is a cybersecurity company that reduces software supply chain risk through its software bills of materials (SBOM) and AI Bill of Materials (AIBOM) management platform. By automatically generating, managing, and analyzing an organization's BOMs, Manifest instantly finds vulnerabilities embedded in the software they build and buy and provides proactive alerts before an organization even knows there's an issue. Founded in 2022 by former employees of Palantir, DoD, and DHS CISA, Manifest quantifies third-party risk in software supply chains.

SOURCE BlueVoyant