Meet Interlynk at the RSA Conference 2025
Join us at RSA Conference 2025 in San Francisco to explore how Interlynk is revolutionizing SBOM management and software supply chain security.
Whether you're navigating compliance with FDA, NIS2, CRA, or EO 14028, or looking to automate your SBOM workflows, we'd love to connect and show you how Interlynk can help.
What to expect during the meeting:
- Live demo of Interlynk's SBOM automation platform
- AI-powered vulnerability remediation and compliance reporting
- Personalized guidance for your security and compliance needs
Location: Moscone Center / Marriott Marquis, San Francisco
Dates: April 28 to May 1st, 2025
Schedule your meeting: https://t.co/3umjiCSKox
Secure your spot now and step forward in securing your software supply chain.
Empo Health Selects Interlynk to Enhance Cybersecurity & FDA Compliance for Remote Diabetic Foot Ulcer Monitoring https://t.co/YIIudIQMSF via @ein_news
Interlynk v3.1.9 is live to simplify product grouping
This week's platform release allows you to label products automatically based on import, control the availability of the component support status field in SBOM, and add filtering by product life stage status across multiple views.
Platform Release
Highlights:
- Auto labeling: Added ability to automatically group products by label at the time of Bitbucket import
- Lifestage Filter: Updated ability to filter products and versions by the life stage status across all views
- Component Support Status: SBOM exporter supports the ability to embed component support status within the SBOM in CycloneDX
UI/UX Improvements:
- Added hover row highlight for intuitive navigation
- Updated organization activity card layout (more coming soon)
- Updated archived versions of the side-drawer
- Simplified action buttons in link and relationship editors
Bug Fixes:
16 big and tiny bug fixes, including: JIRA user list hitting limit, the vulnerability edit permission not showing up for some users, handling of invalid CWE link, and missing part name from CSV exports
Read our official release notes here: https://t.co/Aj7YTzKNje
Open Source Release
SBOM Quality: sbomqs v1.0.4 Released
- New Feature: list components with missing compliance data
- TR-03183: BSI compliance fixes for large PURL strings
- More details: https://t.co/EjF1xoKeBv
SBOM Editing: sbomasm v1.0.2 Released
- Fixed SBOM edit version reporting
- More details: https://t.co/O8jrsvdnEo
SBOM Management: sbommv v0.0.4 Released
- New Feature: Folder monitoring added to speed up SBOM uploads.
- More details: https://t.co/5bKPGnJZXz
Meet us at the RSA Conference
There are fewer than two weeks left until RSA, but there is still time to book a meeting with Interlynk here: https://t.co/F2ToONS6Fw.
You will also win an Interlynk surprise gift bag just for booking the slot.
From Reactive to Proactive: The Future of SBOMs
The software supply chain has become a favorite target for attackers, as seen in incidents like SolarWinds and xz-utils.
In response, mandates like the U.S. Executive Order 14028 and the EU's Cyber Resilience Act now require Software Bills of Materials (SBOMs).
But today's SBOMs are primarily reactive: they are consulted only after an incident comes to light.
Hamed Okhravi, Ph.D., Nathan Burow, and Fred B. Schneider, researchers at MIT Lincoln Laboratory and Cornell University, propose a shift: SBOMs as a proactive defense.
Imagine an SBOM that goes beyond components to include:
- Reproducible build metadata
- Test coverage and methods
- DevSecOps practices
- Trust indicators across supply chains
These additions could help assess trustworthiness before software is deployed, not after it's compromised.
This vision turns SBOMs from mere "ingredient lists" into full recipes for software assurance.
The goal? A more resilient digital ecosystem where trust is built in, not bolted on.
Source: https://t.co/AiZGO3yHZB
With Interlynk, you don't have to wait for this vision to come true.
Interlynk SBOM Automation Platform already collects build metadata, builds supply chain insights, and monitors DevSecOps best practices automatically.
With Interlynk, let's make SBOMs more intelligent, profound, and proactive.
India's SEBI extends CSCRF compliance deadline
The Securities and Exchange Board of India (SEBI), India's market regulator, has extended its Cybersecurity and Cyber Resilience Framework (CSCRF) deadline for SEBI-regulated industries.
CSCRF mandates regulated entities like stockbrokers, depositories, and asset managers to adopt robust cybersecurity measures to protect against evolving threats. SEBI-regulated entities (REs) now have up to June 30th, 2025 to meet CSCRF compliance.
Key Highlights:
- SBOM Requirements: REs to obtain SBOMs for critical systems software products / SaaS at the time of procurement
- Mandatory Vulnerability Assessments: Regular VAPT after major software changes.
- Engagement with Experts: Use of CERT-In empanelled auditing organizations.
- Continuous Monitoring: Establishment of Security Operations Centers (SOCs).
- Strict Timelines: Prompt reporting and resolution of vulnerabilities.
- Flexibility for Small Entities: Certain relaxations while maintaining periodic assessments.
This framework is a significant step in fortifying India's financial ecosystem against cyber risks.
Learn how Interlynk can help meet SBOM and reporting requirements by reaching out to us here: https://t.co/QjdOhf1N8U
Interlynk v3.1.6 makes it easy to monitor CWE Top 25
This week's release of the Interlynk SBOM Management Platform adds Common Weakness Enumeration (CWE) and vulnerability advisory access across the NVD and OSV, allowing users to easily track the OWASP® Foundation Top 10 / MITRE CWE Top 25 across products and versions.
Additionally, this release improves PURL lookup and editing, enables version life cycle metric tracking, normalizes UX across 14 controls, and makes many usability fixes.
Platform Release
Highlights
- Enhanced Vulnerability Management: Added support for CWE & Advisories persistence, improved NVD client implementation, and custom vulnerability handling
- Improved UI Components: Integrated LynkSelect experience across multiple platform areas for a better user experience
- Lifecycle Support: Implemented version lifecycle for dashboard based on project and enabled lifecycle support at the version level
- Performance Optimizations: Refactored package lookup and storage logic to use normalized PURL format
UI/UX Improvements
- Added dashboard card for version life stage
- Updated support status check form
- Improved component links preview
Bug Fixes
12 big and tiny bugs squished, including CSV export with commas and metric ignoring selection of environment in short cards
Sign up for the Interlynk community tier here: https://t.co/cORKo9vQ92
Read our official release notes here: https://t.co/pYFC7n7GLb
Coming to RSA?
Let's set up a quick meeting at RSA. Let us know a time that works for you, or book directly here: https://t.co/IWYrHcpMMa
You will also win an Interlynk surprise gift bag just for booking the slot.
Interlynk v3.1.5 release is loaded with simplifying integrations
This week's release improves integrations for easier user workflows, eliminates deprecated flows, and removes unusable controls from the viewer view.
Platform Release
Highlights
- Enrich Java Packages: Enrich Java components from Maven Central.
- Bitbucket: Support searching & pagination.
- CPE: Deprecated CPEs are now removed from CPE helper workflows.
- Security Enhancements: Added KEV details for CSV exports from Vulnerabilities
- Enhanced Component Management: Improved SBOM vulnerability component code and refactored component links for better performance
UI/UX Improvements
- Consistency in select controls across six views
- Fixed misc styling issue in column width and icon controls
- Updated Bitbucket icons
Read our official release notes here: https://t.co/pYFC7n7GLb
Open Source Release
Interlynk's latest open-source tool, sbommv, facilitates seamless SBOM transfers across various platforms and destinations, including the Interlynk platform, OWASP DependencyTrack, S3, and GitHub repositories.
Learn more here or try the tool here: https://t.co/olx9kLWEOe
Coming to RSA?
Let's set up a quick meeting at RSA. Let us know a time that works for you, or book directly here.
You will also win an Interlynk surprise gift bag just for booking the slot: https://t.co/QjdOhf1N8U
Connected Vehicles SBOM Compliance: Final Rule
The latest Federal Register notice outlines key requirements for "Declarations of Conformity" that may include SBOM and HBOM obligations for manufacturers to secure the supply chain for connected vehicles.
Here's the breakdown:
1. Create and Maintain SBOMs: Ensure every software component (including open-source and third-party) is documented for transparency.
2. Adopt Standard Formats: Use industry standards like SPDX, CycloneDX, or SWID for interoperability and automation.
3. SBOM Elements Requirements: Maintain a separate set of SBOM elements requirements that builds on but clarifies the NTIA Minimum Elements requirements.
4. Regular Updates: Keep SBOMs current as components change to support effective vulnerability management.
5. Manage Vulnerabilities: Establish processes to monitor and address risks as per NTIA guidelines.
6. Document and Comply: Maintain records of SBOM practices for compliance and share with authorities when required.
While alternative methods of Declarations of Conformity are supported, by meeting these requirements with SBOM and HBOM, manufacturers can enhance cybersecurity and resilience in connected vehicles.
At Interlynk, we will be rolling out support for new elements and requirements to integrate into our open-source tools and the SBOM automation platform.
Source: https://t.co/BlQIPZBPj9
Korean Govt shows enthusiasm for connected car SBOM rules
Kudos to the South Korean industry ministry for successfully advocating clarity and practicality in the U.S.'s finalized rule on connected cars!
This milestone addresses critical uncertainties for automakers, especially regarding the use of SBOM.
The U.S. regulation now mandates:
- Carmakers to maintain SBOM records for at least 10 years.
- Declaration of conformity to ensure transparency in exporting to the U.S. market.
- A phased approach to prohibiting China- and Russia-made software (2027) and hardware (2030).
This progress further underscores SBOM's growing significance as a foundation for compliance, security, and trust in the automotive industry.
SBOM empowers automakers to innovate confidently while adhering to global standards by ensuring visibility into software components.
Source: https://t.co/rE4bPu06MD
New Blog: sbommv in Action!
Our latest blog explores how to use sbommv to enable seamless SBOM transfers across platforms like GitHub Releases, S3, local folders, free and open-source OWASP Dependency-Track, security tools, and the Interlynk SBOM platform (including the free community edition).
sbommv is part of Interlynk's open-source toolset:
- sbomqs: SBOM Compliance Analysis
- sbomasm: SBOM In-line Editing & Merging
- sbomgr: SBOM Contextual Search
Interlynk is making SBOM management more efficient and automated. If you're dealing with SBOM distribution challenges, this blog is for you!
Read the full post: https://t.co/HLRzVXSOkp
Try sbommv: https://t.co/olx9kLWEOe
OwnersBox Selects Interlynk to Strengthen PCI DSS Compliance
OwnersBox, a leading fantasy sports and gaming innovator, has chosen Interlynk to enhance its compliance with PCI DSS 4 (Payment Card Industry Data Security Standard) and improve security through the total product lifecycle. By leveraging Interlynk's industry-leading Software Bill of Materials (SBOM) automation platform, OwnersBox is taking proactive steps to ensure robust security, regulatory adherence, and continuous risk management for its payment processing infrastructure.
"At OwnersBox, the security of our users' financial transactions is a top priority," said Brian Kipp, CEO at OwnersBox. "After reviewing many options, we found the Interlynk platform to be the most innovative and best suited for strengthening our compliance posture while ensuring that our payment ecosystem remains secure, transparent, and resilient against emerging cyber threats."
About OwnersBox
OwnersBox is a leading fantasy sports platform providing fans an engaging and dynamic experience. With innovative gameplay and a commitment to user security, OwnersBox redefines how daily fantasy sports are played.
OwnersBox has established itself as an emerging platform in the fantasy sports sector, delivering a dynamic and engaging experience for users. The company's innovative gameplay models, coupled with a robust commitment to user security, are redefining the daily fantasy sports landscape.
About Interlynk
Interlynk is a leading provider of SBOM automation solutions, helping organizations manage software supply chain security, vulnerability management, and regulatory compliance. Its platform is trusted by businesses across various industries to enhance transparency and mitigate cyber risks.
Thank you, Cosimo Commisso, for your insights, trust and for being an incredible partner.
Press Release: https://t.co/GBzFEjF6Eu
FDA CDRH sharing SBOM pitfalls for MDMs
Nastassia T. of the FDA's Center for Devices and Radiological Health (CDRH) shared some of the FDA's findings from working with SBOMs for medical device manufacturers (MDMs).
- Human-readable SBOMs will be gone: Manufacturers are sometimes asked for a human-readable SBOM for their devices. As the FDA matures its processes for SBOM evaluation, that will no longer be the case.
- SBOM accuracy is on the manufacturer: The FDA doesn't necessarily validate that an SBOM is "accurate", but not providing the appropriate information to the FDA could result in enforcement.
- Vulnerability management: The FDA prefers proactive risk management over reactive, but does not expect an SBOM to be free of vulnerabilities. The key area of focus is the manufacturer's plan to provide a fix for the vulnerability.
- Legacy device management: With its new authorities, the FDA is focused on ensuring that devices remain maintainable and patchable throughout the entire product lifecycle as they age. This has been a problem for devices built years ago, so the FDA wants to ensure it will not be the status quo from this point onwards.
- Data normalization: The FDA encounters SBOMs with many different names for the same component or operating system. This is a real challenge in understanding and evaluating SBOMs for effective risk management.
Manufacturers, are you considering these points when preparing your SBOMs?
Source: https://t.co/fHa0qvHPFJ
#SBOM #Cybersecurity #FDACompliance #MedTech
Friday is SBOM Jobs Day!
Are you looking to advance your career in software supply chain security? Several leading companies hire professionals with SBOM expertise to help ensure product security and compliance with regulations like the US FDA, EU NIS2, EU DORA, US Executive Order 14028, EU Product Liability Directive (PLD), EU Cyber Resilience Act (CRA) and PCI DSS4.0.
If you're passionate about securing open-source software and third-party components, these roles offer a fantastic opportunity to be at the forefront of innovation in SBOM automation and software security.
Check out the open positions and take the next step in your career!
[Emerson] Product Security Architect, Marshalltown (IA)
https://t.co/ubuCmpDBZf
[Emerson] Software Supply Chain Security Engineer, Shakopee (MN)
https://t.co/atfHy9Oq75
[Mirion] Product Cybersecurity Manager, Atlanta (GA), Remote
https://t.co/9W2oMV8mzY
[Clarity Innovations] Senior Principal Platform Engineer (Lead), Herndon (VA)
https://t.co/ogANAQ0DFM
Good luck, and reach out to Interlynk if you need help getting started: https://t.co/XUG9edeSG2
5 Non-Obvious Ways SBOMs Help Development Teams
When most security professionals think of SBOM, they imagine compliance checkboxes or security audits. However, for development teams, SBOMs are a secret weapon that can transform how they build, manage, and deliver software.
Here are five surprising ways SBOMs add value to developers:
1. Speed Up Security Analysis
Imagine knowing every library, dependency, and version at a glance. SBOMs offer unparalleled transparency into your tech stack, helping developers pinpoint the root cause of issues faster. It's like having a roadmap when you hit a detour!
2. Simplify Tech Debt Management
Tech debt grows when dependencies aren't tracked or updated. With an SBOM, teams can proactively monitor outdated components and plan upgrades systematically, preventing "dependency hell." This is also useful for system architects and senior management to track, as leaving the systems "as-is" incurs tech debt that becomes harder to pay back.
3. Improve Collaboration Across Teams
Everyone benefits from having a shared source of truth, from security to DevOps and QA. An SBOM bridges the gaps between teams, ensuring everyone speaks the same language regarding dependencies, risks, and updates, especially when questions arise from vulnerabilities in transitive dependencies.
4. Enable Better Dependency Negotiations
SBOMs provide complex data for organizations that rely on third-party vendors to evaluate the quality and security of their dependencies. This insight strengthens negotiating power with vendors and ensures secure, well-maintained libraries.
5. Support Continuous Innovation
Git repositories significantly boosted development velocity because source code management became an afterthought. Similarly, by automating dependency tracking, SBOM frees developers to focus on delivering value rather than mapping vulnerabilities to releases! With fewer manual tasks and fewer surprises from hidden risks, teams can confidently ship faster.
Nuclei Vulnerability Management: An SBOM Essential
A recently disclosed vulnerability in the popular Nuclei vulnerability scanner (CVE-2024-43405) reminds us of the importance of maintaining a comprehensive and up-to-date SBOM of an organization's toolset, even when those tools are open source.
This vulnerability, affecting versions 3.0.0 to 3.3.1, allows attackers to execute arbitrary code by exploiting a weakness in the template signature verification process.
How does an SBOM help?
An SBOM provides an inventory of all software components, including their versions and associated metadata, and as a result, acts as an inventory of tools used within the organization.
With an accurate SBOM in place:
- Security teams can get timely notifications for the reported vulnerability.
- Organizations can act swiftly to mitigate risks, like patching or upgrading.
- Supply chain transparency is improved, ensuring all stakeholders are aware of potential risks.
In the case of Nuclei, an SBOM would allow teams to:
1. Spot affected versions in their systems.
2. Apply necessary updates proactively to reduce exposure.
As vulnerabilities like these continue to emerge, SBOMs play a critical role in enhancing software supply chain security, enabling organizations to:
- Stay ahead of threats.
- Improve compliance with regulations and frameworks.
- Build trust with users and stakeholders.
In today's threat landscape, an SBOM isn't just a nice-to-have; it's a necessity.
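The "spot affected versions" step above, as an added example that is not Interlynk's or Nuclei's code: it walks a CycloneDX JSON SBOM and flags components whose purl names Nuclei and whose version falls inside the 3.0.0 to 3.3.1 range the post quotes for CVE-2024-43405. The SBOM document is constructed sample data, and the purl helper is deliberately simplified rather than a full purl parser.

```python
"""Flag SBOM components inside a known-affected version range.

Added example (not Interlynk's or Nuclei's code). The affected range
3.0.0 to 3.3.1 and the CVE id come from the post above; the SBOM below
is constructed sample data and the purl handling is simplified.
"""
import json
import re
from typing import Dict, List, Optional, Tuple

# Constructed CycloneDX 1.5 SBOM with several Nuclei builds and one
# unrelated tool. Version strings deliberately vary in form.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "application", "name": "nuclei", "version": "v3.3.1",
         "purl": "pkg:golang/github.com/projectdiscovery/nuclei/v3@v3.3.1"},
        {"type": "application", "name": "nuclei", "version": "3.3.2",
         "purl": "pkg:golang/github.com/projectdiscovery/nuclei/v3@v3.3.2"},
        {"type": "application", "name": "nuclei", "version": "3.10.0",
         "purl": "pkg:golang/github.com/projectdiscovery/nuclei/v3@v3.10.0"},
        {"type": "application", "name": "nuclei", "version": "3.0.0",
         "purl": "pkg:golang/github.com/projectdiscovery/nuclei/v3@v3.0.0"},
        {"type": "application", "name": "nuclei", "version": "2.9.15",
         "purl": "pkg:golang/github.com/projectdiscovery/nuclei/v2@v2.9.15"},
        {"type": "library", "name": "httpx", "version": "1.6.0",
         "purl": "pkg:golang/github.com/projectdiscovery/httpx@v1.6.0"},
    ],
})

# Affected range as stated in the post, inclusive on both ends.
NUCLEI_ADVISORY = {"cve": "CVE-2024-43405", "name": "nuclei",
                   "min": "3.0.0", "max": "3.3.1"}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")
Version = Tuple[int, int, int]


def parse_version(text: str) -> Optional[Version]:
    """Turn '3.3.1' or 'v3.3.1' into an integer tuple; None if unparseable.

    Comparing tuples rather than strings matters: as strings, '3.10.0' sorts
    below '3.3.1' and would be wrongly reported as affected.
    """
    m = _VERSION_RE.match(text.strip())
    return (int(m[1]), int(m[2]), int(m[3])) if m else None


def purl_name(purl: str) -> str:
    """Last path segment of a purl, ignoring Go's major-version suffix (/v3).

    Simplified on purpose: no qualifiers, subpaths or percent-decoding.
    """
    path = purl.split("@", 1)[0]
    segments = [s for s in path.split("/") if not re.fullmatch(r"v\d+", s)]
    return segments[-1].lower()


def find_affected(sbom_json: str, advisory: Dict[str, str]) -> List[Dict[str, str]]:
    """Return components whose name matches and whose version is in range."""
    lo, hi = parse_version(advisory["min"]), parse_version(advisory["max"])
    hits = []
    for comp in json.loads(sbom_json).get("components", []):
        name = purl_name(comp["purl"]) if comp.get("purl") else comp.get("name", "").lower()
        version = parse_version(comp.get("version", ""))
        if name != advisory["name"] or version is None:
            continue  # different tool, or a version we cannot compare
        if lo <= version <= hi:
            hits.append({"cve": advisory["cve"], "purl": comp.get("purl", ""),
                         "version": comp["version"]})
    return hits


if __name__ == "__main__":
    for hit in find_affected(SAMPLE_SBOM, NUCLEI_ADVISORY):
        print(f"{hit['cve']}: {hit['purl']} ({hit['version']}) is in the affected range")
```

Running it against the constructed SBOM reports only the 3.3.1 and 3.0.0 builds; 3.10.0 is correctly left alone because versions are compared numerically, not as strings.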
Strengthening Cybersecurity in India's Financial Sector
The Securities and Exchange Board of India (SEBI), India's market regulator, has unveiled its Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI-regulated industries. This groundbreaking initiative mandates regulated entities (REs) like stockbrokers, depositories, and asset managers to adopt robust cybersecurity measures to protect against evolving threats.
Key Highlights:
- SBOM Requirements: REs to obtain SBOMs for critical systems software products / SaaS at the time of procurement
- Mandatory Vulnerability Assessments: Regular VAPT after major software changes.
- Engagement with Experts: Use of CERT-In empanelled auditing organizations.
- Continuous Monitoring: Establishment of Security Operations Centers (SOCs).
- Strict Timelines: Prompt reporting and resolution of vulnerabilities.
- Flexibility for Small Entities: Certain relaxations while maintaining periodic assessments.
This framework is a significant step in fortifying India's financial ecosystem against cyber risks.
FDA guidance for AI-enabled medical devices!
Today, the FDA has published its final guidance to enhance AI-driven medical technologies' safety, effectiveness, and lifecycle management. Link: https://t.co/ZjwEbAIXFv
Unlike conventional software, AI-enabled devices can change their behavior along with the underlying model. This recommendation is therefore intended to simplify change management for previously approved devices.
Key highlights of the guidance:
- Lifecycle Perspective: Emphasizing continuous oversight of AI-enabled devices from development to deployment and beyond.
- Performance Monitoring: Recommendations for tracking AI system performance to ensure reliability and patient safety.
- Transparency: Clear guidance on what information should be communicated to users about the device's AI functionality.
- Public Input: The FDA is inviting feedback on these draft guidelines through April 7, fostering a collaborative approach to regulation.
FDA webinar details here:
https://t.co/YjOGGk4tCQ
This guidance builds on the lessons learned from over 1,000 authorized AI-enabled devices, aiming to streamline innovation while ensuring regulatory clarity.
Interlynk is committed to helping organizations meet and stay up-to-date with FDA cybersecurity requirements.
EU Legislative Landscape
Cybersecurity faces a unique challenge: proving a negative.
Without standardized metrics to demonstrate risk reduction, much focus remains on regulations and compliance.
Yet the evolving regulatory landscape is often overlooked, and it's transforming right before our eyes.
Take the regulations moving through the European Union as an example.
We're witnessing tectonic shifts in how software must be built, packaged, and monitored and how incidents must be reported. Many of these changes are already in the implementation phase.
A stronger security posture won't just be about compliance; it will soon become a strategic advantage.
Is your organization ready for this shift?
Source: https://t.co/kRwd2kx1B8
BSI Vulnerability Notification Guidelines for Cyber Resilience
The Cyber Resilience Act (CRA) officially becomes law on Wednesday, December 11th.
In preparation, Germany's Federal Office for Information Security (BSI) has just released updated guidelines for Technical Directive TR-03183, with a clear focus on SBOM (Software Bill of Materials) and vulnerability reporting requirements!
These new guidelines strengthen transparency and security in software supply chains, ensuring organizations can better manage open-source and third-party risks in compliance with the CRA. This is a significant step towards enhancing cyber resilience and building trust in every digital product sold across Europe.
Stay tuned as we explore these updates and their implications for security, compliance, and risk management. We have also updated the Interlynk open-source utility #sbomqs and the platform to check against the updated requirements and vulnerability notifications.
Source: https://t.co/c9MKzffCns
sbomqs: https://t.co/SZRbn6TCGt
Free SBOM Automation Platform: https://t.co/cORKo9vQ92
#CyberResilienceAct #SBOM #BSI #Cybersecurity #SoftwareSupplyChain #TR03183 #Compliance #CycloneDX #SPDX