exploits – Devstyler.io
https://devstyler.io
News for developers from tech to lifestyle

OpenSSF, CISA and DHS Join Forces in New Open Source Project
https://devstyler.io/blog/2024/04/18/openssf-cisa-and-dhs-join-forces-in-new-open-source-project/
Thu, 18 Apr 2024 13:18:12 +0000

Security-focused groups OpenSSF, CISA and DHS have announced they are teaming up on a new open source project to help secure software supply chains: Protobom.

The project is a collaboration of the Open Source Security Foundation (OpenSSF), the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Homeland Security’s Science and Technology Directorate (DHS S&T).

“Vulnerabilities in software are a key risk in cybersecurity, with known exploits being a primary path for bad actors to inflict a range of harms. By leveraging SBOMs as key elements of software security, we can mitigate the risk to the software supply chain and respond to new risks faster, and more efficiently,” said Allan Friedman, senior advisor and strategist at CISA.

Protobom allows companies to read data from software bills of materials (SBOMs), create their own SBOMs, and translate SBOMs into a variety of standard formats.

According to OpenSSF, there are many SBOM formats and schemas, which can be challenging for companies. The goal of the new project is to provide “a format-neutral data layer on top of standards that allows applications to work seamlessly with any kind of SBOM.”

“Protobom is a step towards greater efficiency and interoperability by translating across the widely used formats so that tools and organizations can focus on what’s important. It is a positive solution that helps shape a more transparent software-driven world”, Allan Friedman added.

OpenSSF also explained that by integrating Protobom into applications that link SBOM and vulnerability information, organizations will be able to more quickly access the necessary patches and mitigations to keep their software supply chains safe.

According to Omkhar Arasaratnam, General Manager of OpenSSF, Protobom will enable organizations to proactively manage the risk of their open source dependencies.

CircleCI Releases New Developer Version Control Feature
https://devstyler.io/blog/2024/03/18/circleci-releases-new-developer-version-control-feature/
Mon, 18 Mar 2024 12:31:22 +0000

CircleCI has announced a new feature that will allow developers to automate version control processes directly from the CircleCI user interface.

“If you look at every other deploy and release vendor on the market, they’re built to service centralized release and operations teams who want tighter control over deploys. But this doesn’t reflect the reality of elite software teams who depend on developers to drive and deliver fast innovation. Our approach to CircleCI releases provides a developer-centric workflow that enables them to ship faster and monitor new features in production coupled with the safety net of quickly rolling back releases if something goes wrong”, said Rob Zuber, CTO of CircleCI.

According to the company, the main advantage of this new feature is that it can give developers more confidence in creating releases, as well as reduce the average time to fix issues.

With ongoing Kubernetes and Amazon SageMaker support, developers now have comprehensive visibility into their production deployments and access to rollback commands (e.g., version recovery, component scaling, and component restart).

Some of the key capabilities that will emerge with CircleCI releases include the ability to link CI/CD to customer experiences, real-time service validation, performance degradation prevention, and more.

The Release Dashboard shows a release history for all components with details for each, a list of release environments, and a list of components and associated projects.

Solana Labs Updates Software to Ensure Network Reliability
https://devstyler.io/blog/2023/03/01/solana-labs-updates-software-to-ensure-network-reliability/
Wed, 01 Mar 2023 09:47:31 +0000

Solana Labs co-founder Anatoly Yakovenko said he will make improvements to the software update process to ensure network reliability and uptime, CoinDesk reported.

“The issues around last week’s 1.14 network update – which focused on improvements for speed and scale – made it clear how maintaining stability during these major updates remains a challenge,” said Anatoly Yakovenko.

He also stated that last week’s 1.14 network update raised the issue of maintaining stability during major updates.

After the latest release, engineers plan to bring in additional outside developers and auditors to test and detect exploits. They will also form an adversary team that will consist of nearly a third of Solana Labs’ core engineering team.

“For example, Jump Crypto’s Firedancer team is building a second validator client to increase the network’s throughput, efficiency, and resiliency. Mango DAO developers are focused on the tooling needed to build on Solana,” Yakovenko said.

The comments were made after a lengthy outage of the Solana blockchain over the weekend. The problems, which began as slow transaction processing, turned into a near-complete shutdown of Solana’s operations. Developers said Monday that the cause of the weekend’s network-wide outage was still unclear, but investigations were ongoing.

WordPress Sites are Threatened by an Unknown Strain of Malware
https://devstyler.io/blog/2023/01/05/wordpress-sites-are-threatened-by-an-unknown-strain-of-malware/
Thu, 05 Jan 2023 08:20:25 +0000

WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in more than two dozen plugins and themes to compromise vulnerable systems, reports The Hacker News.

“If sites use outdated versions of such add-ons that lack important fixes, the targeted webpages are injected with malicious JavaScripts. As a result, when users click on any area of the attacked page, they are redirected to other sites,” said Russian security provider Doctor Web in a report published last week.

The attacks weaponize a list of known security vulnerabilities in 19 different plugins and themes that are likely to be installed on a WordPress site, using them to deploy an implant that can target a specific website and further expand the campaign.

It is also capable of injecting JavaScript code extracted from a remote server to redirect site visitors to an arbitrary website of the attacker’s choice.

Experts advise WordPress users to keep all platform components up-to-date, including third-party add-ons and themes. They are also advised to use strong and unique logins and passwords to protect their accounts.

Microsoft Edge is Getting A Major Security Upgrade
https://devstyler.io/blog/2021/07/13/microsoft-edge-is-getting-a-major-security-upgrade/
Tue, 13 Jul 2021 10:56:46 +0000

Browsing the web in Microsoft Edge will soon be even safer as Microsoft is currently in the process of adding Intel’s Control-Flow Enforcement Technology (CET) to its browser.

Microsoft first adopted CET through an implementation known as Hardware-enforced Stack Protection back in March of this year. Hardware-enforced Stack Protection leverages the Intel CET chipset security extension to secure Windows applications from Return-Oriented Programming (ROP), Jump-Oriented Programming (JOP) and other common exploit techniques.

While Edge will soon use CET to provide users with an even safer browsing mode, there is a big catch: you’ll need to be running either an Intel 11th Gen or an AMD Zen 3 processor to enable this feature.

Control-flow Enforcement Technology

Although CET support was originally intended to ship with version 94 of Edge in September, according to a new post in the Microsoft 365 Roadmap, this feature has been slightly delayed and will now be arriving in October with the release of Edge version 95.

Organizations that wish to disable CET can do so by changing Image File Execution Options (IFEO) using group policy.

Although many organizations are planning to adopt hybrid work policies, many employees are still working from home. By adding CET support to Edge, Microsoft will help keep workers safe from attacks and exploits designed to be delivered remotely.
