|
Software Bill Of Materials
A software supply chain is composed of the components, libraries, tools, and processes used to develop, build, and publish a software artifact. Software vendors often create products by assembling open source and commercial software components. A ''software bill of materials'' (SBOM) declares the inventory of components used to build a software artifact such as a software application. It is analogous to a list of ingredients on food packaging: where you might consult a label to avoid foods that may cause allergies, SBOMs can help organizations or persons avoid consumption of software that could harm them. The concept of a BOM is well-established in traditional manufacturing as part of supply chain management. A manufacturer uses a BOM to track the parts it uses to create a product. If defects are later found in a specific part, the BOM makes it easy to locate affected products. Usage An SBOM is useful both to the builder (manufacturer) and the buyer (customer) of a software pro ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Open-source Software
Open-source software (OSS) is computer software that is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software and its source code to anyone and for any purpose. Open-source software may be developed in a collaborative public manner. Open-source software is a prominent example of open collaboration, meaning any capable user is able to participate online in development, making the number of possible contributors indefinite. The ability to examine the code facilitates public trust in the software. Open-source software development can bring in diverse perspectives beyond those of a single company. A 2008 report by the Standish Group stated that adoption of open-source software models has resulted in savings of about $60 billion per year for consumers. Open source code can be used for studying and allows capable end users to adapt software to their personal needs in a similar way user scripts an ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
National Telecommunications And Information Administration
The National Telecommunications and Information Administration (NTIA) is an agency of the United States Department of Commerce that serves as the President's principal adviser on telecommunications policies pertaining to the United States' economic and technological advancement and to regulation of the telecommunications industry. Among its stated goals are: * Working to ensure that all Americans have affordable phone and cable TV service. * Helping to bring the benefits of advanced telecommunications technologies to millions of Americans in rural and underserved urban areas through its information infrastructure grants. * Providing the hardware that enables public radio and television broadcasters to extend and maintain the reach of their programming. * Advocating competition and liberalization of telecommunications policies around the world. * Participating in international government-to-government negotiations to open markets for U.S. companies. * Negotiating with foreig ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Supply Chain Management
In commerce, supply chain management (SCM) is the management of the flow of goods and services including all processes that transform raw materials into final products between businesses and locations. This can include the movement and storage of raw materials, work-in-process inventory, finished goods, and end to end order fulfilment from the point of origin to the point of consumption. Interconnected, interrelated or interlinked networks, channels and node businesses combine in the provision of products and services required by end customers in a supply chain. Supply-chain management has been defined as the "design, planning, execution, control, and monitoring of supply chain activities with the objective of creating net value, building a competitive infrastructure, leveraging worldwide logistics, synchronising supply with demand and measuring performance globally". SCM practice draws heavily on industrial engineering, systems engineering, operations management, logis ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Dependency Hell
Dependency hell is a colloquial term for the frustration of some software users who have installed software packages which have dependencies on specific versions of other software packages. The dependency issue arises when several packages have dependencies on the same ''shared'' packages or libraries, but they depend on different and incompatible versions of the shared packages. If the shared package or library can only be installed in a single version, the user may need to address the problem by obtaining newer or older versions of the dependent packages. This, in turn, may break other dependencies and push the problem to another set of packages. Problems Dependency hell takes several forms: ; Many dependencies : An application depends on many libraries, requiring lengthy downloads, large amounts of disk space, and being very portable (all libraries are already ported enabling the application itself to be ported easily). It can also be difficult to locate all the dependencies ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Manifest File
A manifest file in computing is a file containing metadata for a group of accompanying files that are part of a set or coherent unit. For example, the files of a computer program may have a manifest describing the name, version number, license and the constituent files of the program. The term is borrowed from a cargo shipping procedure, where a ship manifest would list the crew and/or cargo of a vessel. Package manifest Linux distributions rely heavily on package management systems for distributing software. In this scheme, a package is an archive file containing a manifest file. The primary purpose is to enumerate the files which are included in the distribution, either for processing by various packaging tools or for human consumption. Manifests may contain additional information; for example, in JAR (a package format for delivering software written in Java programming language), they can specify a version number and an entry point for execution. The manifest may optionally cont ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Code Signing
Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The process employs the use of a cryptographic hash to validate authenticity and integrity. Code signing was invented in 1995 by Michael Doyle, as part of the Eolas WebWish browser plug-in, which enabled the use of public-key cryptography to sign downloadable Web app program code using a secret key, so the plug-in code interpreter could then use the corresponding public key to authenticate the code before allowing it access to the code interpreter’s APIs. Code signing can provide several valuable features. The most common use of code signing is to provide security when deploying; in some programming languages, it can also be used to help prevent namespace conflicts. Almost every code signing implementation will provide some sort of digital signature mechanism to verify the identity of the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Supply Chain Attack
A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018. The Target security breach, Eastern European ATM malware, as well as the Stuxnet computer worm are examples of supply chain attacks. Supply chain management experts recommend strict control of an institution's supply network in order to prevent potential damage from cyber criminals. Overview A supply chain is a system of activities involved in handling, distributing, manufacturing, and processing goods in order to move ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Software Toolchain
In software, a toolchain is a set of programming tools that is used to perform a complex software development task or to create a software product, which is typically another computer program or a set of related programs. In general, the tools forming a toolchain are executed consecutively so the output or resulting environment state of each tool becomes the input or starting environment for the next one, but the term is also used when referring to a set of related tools that are not necessarily executed consecutively. A simple software development toolchain may consist of a compiler and linker (which transform the source code into an executable program), libraries (which provide interfaces to the operating system), and a debugger (which is used to test and debug created programs). A complex software product such as a video game needs tools for preparing sound effects, music, textures, 3-dimensional models and animations, together with additional tools for combining these resourc ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
National Institute Of Standards And Technology
The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical science laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901 to 1988, the agency was named the National Bureau of Standards. History Background The Articles of Confederation, ratified by the colonies in 1781, provided: The United States in Congress assembled shall also have the sole and exclusive right and power of regulating the alloy and value of coin struck by their own authority, or by that of the respective states—fixing the standards of weights and measures throughout the United States. Article 1, section 8, of the Constitution of the United States, ratified in 1789, granted these powers to the new Congr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Commercial Software
Commercial software, or seldom payware, is a computer software that is produced for sale or that serves commercial purposes. Commercial software can be proprietary software or free and open-source software. Background and challenge While software creation by programming is a time and labor-intensive process, comparable to the creation of physical goods, the reproduction, duplication and sharing of software as digital goods is in comparison disproportionately easy. No special machines or expensive additional resources are required, unlike almost all physical goods and products. Once a software is created it can be copied in infinite numbers, for almost zero cost, by anyone. This made commercialization of software for the mass market in the beginning of the computing era impossible. Unlike hardware, it was not seen as trade-able and commercialize-able good. Software was plainly shared for free (hacker culture) or distributed bundled with sold hardware, as part of the service t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Software Package Data Exchange
Software Package Data Exchange (SPDX) is an open standard for software bill of materials (SBOM). SPDX allows the expression of components, licenses, copyrights, security references and other metadata relating to software. Its original purpose was to improve license compliance, and has since been expanded to facilitate additional use-cases, such as supply-chain transparency and security. SPDX is authored by the community-driven SPDX Project under the auspices of the Linux Foundation. The current version of the standard is 2.3. Version history The first version of the SPDX specification was intended to make compliance with software licenses easier, but subsequent versions of the specification added capabilities intended for other use-cases, such as being able to contain references to known software vulnerabilities. Recent versions of SPDX fulfill the NTIA's 'Minimum Elements For a Software Bill of Materials'. SPDX 2.2.1 was submitted to the International Organization for ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
.svg "Click for more on -> Supply Chain Management")
