Towards Software Bill of Materials in the Nuclear Industry

Eggers, Shannon; Christensen, Drew; Simon, Tori Brooke; Morgan, Baleigh Rae; Bauer, Ethan S

doi:10.2172/1901825

Cited by 2 publications

(2 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cyber risk is a combination of threats, exploits, and vulnerabilities regarding cyber risk management. Adopting the Software Bill of Materials (SBOM) (CISA, 2022;Elias and Hewitt-Jones, 2023;CycloneDX, 2023;Dependency-Track, 2023;Eggers et al, 2022;NIST, 2023b;NTIA, 2023;Carmody et al, 2021) in the United States marks a watershed milestone in this field. Nonetheless, the sheer volume of possible vulnerabilities revealed by SBOMs highlights the critical need for risk management automation.…”

Section: Cybersecurity Assurancementioning

confidence: 99%

Integrated cybersecurity for metaverse systems operating with artificial intelligence, blockchains, and cloud computing

Radanliev

2024

Front. Blockchain

View full text Add to dashboard Cite

In the ever-evolving realm of cybersecurity, the increasing integration of Metaverse systems with cutting-edge technologies such as Artificial Intelligence (AI), Blockchain, and Cloud Computing presents a host of new opportunities alongside significant challenges. This article employs a methodological approach that combines an extensive literature review with focused case study analyses to examine the changing cybersecurity landscape within these intersecting domains. The emphasis is particularly on the Metaverse, exploring its current state of cybersecurity, potential future developments, and the influential roles of AI, blockchain, and cloud technologies. Our thorough investigation assesses a range of cybersecurity standards and frameworks to determine their effectiveness in managing the risks associated with these emerging technologies. Special focus is directed towards the rapidly evolving digital economy of the Metaverse, investigating how AI and blockchain can enhance its cybersecurity infrastructure whilst acknowledging the complexities introduced by cloud computing. The results highlight significant gaps in existing standards and a clear necessity for regulatory advancements, particularly concerning blockchain’s capability for self-governance and the early-stage development of the Metaverse. The article underscores the need for proactive regulatory involvement, stressing the importance of cybersecurity experts and policymakers adapting and preparing for the swift advancement of these technologies. Ultimately, this study offers a comprehensive overview of the current scenario, foresees future challenges, and suggests strategic directions for integrated cybersecurity within Metaverse systems utilising AI, blockchain, and cloud computing.

show abstract

Section: Cybersecurity Assurancementioning

confidence: 99%

Integrated cybersecurity for metaverse systems operating with artificial intelligence, blockchains, and cloud computing

Radanliev

2024

Front. Blockchain

View full text Add to dashboard Cite

show abstract

“…Although the number of records was very limited, the results were extremely interesting. We discovered that VEX has been considered for use in the US Nuclear Industry [6], for resolving software supply chain insecurities in vehicles [7], and the most interesting document was a Bachelors thesis on the 'Development of an API to request security advisories for CSAF 2.0' [8]. The document is surprisingly detailed, and given more time, this effort could have solved the CBOM/VEX integration and automation problem.…”

Section: Data Sourcesmentioning

confidence: 99%

Generative Pre-Trained Transformers, Natural Language Processing and Artificial Intelligence and Machine Learning (AI/ML) in Software Vulnerability Management: automations in the Software Bill of Materials (SBOM) and the Vulnerability-Exploitability eXchange (VEX)

Radanliev¹,

Roure²,

Santos³

2023

Preprint

View full text Add to dashboard Cite

One of the most burning topics in cybersecurity in 2023 will undoubtedly be the compliance with the Software Bill of Materials. Since the US president issued the Executive Order 14028 on Improving the Nation’s Cybersecurity, software developers have prepared and bills are transmitted to vendors, customers, and users, but they don’t know what to do with the reports they are getting. In addition, since software developers have identified the values of the Software Bill of Materials, they have been using the reports extensively. This article presents an estimate of 270 million requests per month, just from form one popular tool to one vulnerability index. This number is expected to double every year and a half. This simple estimate explains the urgency for automating the process. We propose solutions based on artificial intelligence and machine learning, and we base our tools on the existing FAIR principles (Findable, Accessible, Interoperable, and Reusable). This methodology is supported with a case study research and Grounded theory, for categorising data into axis, and for verifying the values of the tools with experts in the field. We showcase how to create, and share Vulnerability Exploitability eXchange data, and automate the Software Bill of Materials compliance process with AI models and a unified computational framework combining solutions for the following problems: (1) the data utilisation problem, (2) the automation and scaling problem, (3) the naming problem, (4) the alignment problem, (5) the pedigree, and provenance problem, and many other problems that are on the top of mind for many security engineers at present. The uptake of these findings will depend on collaborations with government and industry, and on the availability and the ease of use of automated tools.

show abstract

Towards Software Bill of Materials in the Nuclear Industry

Cited by 2 publications

References 1 publication

Integrated cybersecurity for metaverse systems operating with artificial intelligence, blockchains, and cloud computing

Integrated cybersecurity for metaverse systems operating with artificial intelligence, blockchains, and cloud computing

Generative Pre-Trained Transformers, Natural Language Processing and Artificial Intelligence and Machine Learning (AI/ML) in Software Vulnerability Management: automations in the Software Bill of Materials (SBOM) and the Vulnerability-Exploitability eXchange (VEX)

Contact Info

Product

Resources

About