Mediaboss Marketing

Securing the software supply chain has become increasingly important over the last few years in response to numerous high-profile attacks targeting it, such as Sunburst, Log4j and Heartbleed.

One method growing in popularity is to use a software bill of materials (SBOM). Like a manufacturing-based bill of materials, an SBOM lists all the software components used to create a specific application. SBOMs include the following:

By understanding what is used within deployed software, organizations can quickly find and patch any vulnerabilities in it before malicious actors can take advantage of them.

Many companies offer products to help organizations build their SBOM. The following are five SBOM vendors worth considering.

Anchore offers proprietary software and open source options for SBOM generation. Smaller organizations can use its two open source tools to help with SBOM generation: Syft, a command-line tool, and Grype, a vulnerability scanning tool. Syft creates an SBOM using container images and file systems, while Grype searches for vulnerabilities within the images and file systems. The tools can be used together within the software development lifecycle (SDLC) and be kept in the same centralized repository. Anchore products support multiple SBOM formats, including CycloneDX and Software Package Data Exchange.

The company also offers Anchore Enterprise for large and enterprise organizations. With this tool, companies can generate SBOMs at each stage in the development process that list every software component, including direct and transitive dependencies.

Anchore Enterprise is available in Team, Business, Ultimate and Ultimate+ tiers. Contact the company for pricing.

Vulnerability management vendor Fossa offers an open source SBOM tool that can work alongside its vulnerability management product. It enables software developers to get an accurate view of interdependencies among the various code modules and third-party licenses used in the development of a project. Fossa's vulnerability management tool can then be used to detect security vulnerabilities that could be introduced into the SBOM. For example, it limits false positives and detects fake licensing entries. The tool also alerts teams when a breach is detected. The Fossa API connects to a database of open source projects and metadata to offer teams detailed statistics and updates.

One of Fossa's biggest strengths is it is compatible with popular version controls, including GitHub and GitLab.

Fossa is available in three tiers: Free, Business for $52 per month or Enterprise. Contact Fossa for a customized Enterprise quote.

Mend.io, formerly WhiteSource, offers SBOM generation capabilities as part of its software composition analysis tool, Mend SCA. The tool helps identify open source libraries in use and documents each component and its dependencies.

The tool's key strengths include an undivided focus on vulnerability remediation, scalability, false positive detection and automatic SBOM updates.

Users can request a free trial. Pricing for Mend SCA Advanced starts at $16,000 per year for 20 software developers; Mend Static Application Security Testing Advanced starts at $16,000 per year for 20 developers; Mend SCA and SAST Advanced start at $24,000 per year for 20 developers; and Mend Premium Package is designed for companies with more than 500 developers. Contact the company for pricing.

Rezilion, which caters to DevSecOps teams, offers an SBOM generation tool called Dynamic SBOM. This tool gives software development teams complete visibility into all the software components used in the creation of a project. Teams can ascertain and remediate any vulnerabilities that may occur in the course of the SDLC. Dynamic SBOM also provides the ability for real-time monitoring and updating.

Rezilion offers a free Basic tier, which provides unlimited SBOM generation and limited vulnerability scans and analysis. Premium and Enterprise tiers are also available. Contact the company for pricing.

Vigilant Ops' InSight Platform is a SaaS-based SBOM tool designed for healthcare, energy, manufacturing and similar industries. It offers SBOM compliance certification for auditing and keeping SBOMs up to date with component updates, as well as component validation, SBOM management and distribution, and automated vulnerability discovery. With the SBOM tool, teams can also create a component listing for legacy tools.

Vigilant Ops offers a free trial for SBOM generation. Contact the company for InSight Platform pricing.

Excerpt from:
5 SBOM tools to start securing the software supply chain - TechTarget

A man walks in front of a Peloton store in Manhattan on May 05, 2021 in New York.

John Smith | Corbis News | Getty Images

Check out the companies making the biggest moves midday:

Peloton The fitness platform operator saw shares drop 8.9% after the U.S. Consumer Product Safety Commission said it's recalling more than 2 million bikes over concerns about seat breakages and related injuries. Peloton will offer free, updated seat posts to anyone using the recalled model.

Alphabet Shares added 4.31% a day after Google unveiled new software and gadgets at its developer conference. The tech giant also said it is eliminating the waitlist for its chatbot Bard.

PacWest Bancorp The regional bank's stock sank 22.7% after the company said deposits dropped 9.5% for the week ended May 5. Other regional bank shares followed suit, with Western Alliance and First Horizon shedding 7.3% and 3.2%, respectively.

Beyond Meat Shares tumbled 18.27% after the alternative meat manufacturer said it plans to sell up to $200 million of its common stock. The company said it intends to use the proceeds for general corporate and working capital purposes. The announcement came after Beyond Meat reported a first-quarter earnings-per-share loss that was less than expected.

Disney Disney shares tumbled 8.73% after the media company reported a drop in streaming subscribers. The entertainment giant also reported revenue and earnings in line with Wall Street's estimates, according to Refinitiv.

Icahn Enterprises Shares of Carl Icahn's conglomerate slid another 1.77% after notable short seller Hindenburg Research doubled down on its short-selling campaign against the company following its quarterly report. Icahn Enterprises reported a net loss of $270 million in the first quarter, with its hedge fund losing 4.1% during the period. It declared a $2 per share quarterly dividend.

AppLovin Shares popped 23.53% following the company's first-quarter revenue beat. Revenue was $715.4 million, compared to the $694.8 million expected, per StreetAccount. AppLovin's second-quarter guidance also topped expectations.

Goodyear Tire & Rubber The tire manufacturer's stock soared 21.42% after Elliott Investment Management sent a letter and presentation to the company. Elliott, which has about a 10% stake in Goodyear, said the purpose was to "outline the right path forward to create value at Goodyear and realize its full potential."

Unity Software Shares rallied about 12.94% after the video game software developer reported its first-quarter results. Unity Software's revenue of $500 million beat the $480 million expected from analysts polled by Refinitiv. The company also raised its full-year revenue outlook.

Tapestry Shares of the Coach parent jumped 8.27% after the company reported stronger-than-expected earnings and revenue for its latest quarter. It also issued upbeat guidance for the year that topped estimates.

Robinhood The stock added 6.39% after the brokerage reported better-than-expected revenue for the first quarter. Its first-quarter revenue came in at $441 million, versus analyst estimates of $425 million, according to Refinitiv. Robinhood also showed growth of monthly users, which hit 11.8 million.

Sonos Shares plunged 23.69% on the back of disappointing quarterly results. The company reported an adjusted loss of 24 cents per share, while analysts polled by Refinitiv expected a loss of 18 cents per share. The home sound systems manufacturer also reduced its guidance for the second half of the 2023 fiscal year amid weakening consumer demand and channel partner inventory tightening.

JD.com The U.S.-listed shares of JD.com advanced 7.21% after the Chinese tech firm beat analysts' first-quarter expectations on the top and bottom lines. JD.com reported earnings of CNY4.76 per share, exceeding consensus estimates of CNY3.53. Revenue came in at CNY242.96 billion, higher than expectations of CNY240.81 billion. Separately, JD.com said that Sandy Ran Xu, who is the company's current CFO, has been appointed to succeed Lei Xu as CEO and executive director.

Axon Enterprise Axon Enterprise gained 6.16% after JPMorgan said the pullback in the stock following its first-quarter results on Tuesday is a buying opportunity. The Taser maker slid 15% on Wednesday after reporting some disappointing total gross margin figures, even as it otherwise beat analysts' expectations.

Albemarle The chemical manufacturing stock added 2.06% after being upgraded by Keybanc to overweight from sector weight, citing improving trends in China's lithium market.

CNBC's Tanaya Macheel, Hakyung Kim, Yun Li, Alex Harring, Samantha Subin and Sarah Min contributed reporting.

Read this article:
Stocks making the biggest moves midday: Peloton, Beyond Meat, Alphabet, PacWest & more - CNBC

Key Insights

Today we will run through one way of estimating the intrinsic value of Adobe Inc. (NASDAQ:ADBE) by taking the expected future cash flows and discounting them to their present value. We will use the Discounted Cash Flow (DCF) model on this occasion. Believe it or not, it's not too difficult to follow, as you'll see from our example!

Companies can be valued in a lot of ways, so we would point out that a DCF is not perfect for every situation. For those who are keen learners of equity analysis, the Simply Wall St analysis model here may be something of interest to you.

View our latest analysis for Adobe

We use what is known as a 2-stage model, which simply means we have two different periods of growth rates for the company's cash flows. Generally the first stage is higher growth, and the second stage is a lower growth phase. In the first stage we need to estimate the cash flows to the business over the next ten years. Where possible we use analyst estimates, but when these aren't available we extrapolate the previous free cash flow (FCF) from the last estimate or reported value. We assume companies with shrinking free cash flow will slow their rate of shrinkage, and that companies with growing free cash flow will see their growth rate slow, over this period. We do this to reflect that growth tends to slow more in the early years than it does in later years.

Generally we assume that a dollar today is more valuable than a dollar in the future, so we need to discount the sum of these future cash flows to arrive at a present value estimate:

("Est" = FCF growth rate estimated by Simply Wall St)Present Value of 10-year Cash Flow (PVCF) = US$80b

After calculating the present value of future cash flows in the initial 10-year period, we need to calculate the Terminal Value, which accounts for all future cash flows beyond the first stage. For a number of reasons a very conservative growth rate is used that cannot exceed that of a country's GDP growth. In this case we have used the 5-year average of the 10-year government bond yield (2.1%) to estimate future growth. In the same way as with the 10-year 'growth' period, we discount future cash flows to today's value, using a cost of equity of 8.1%.

Terminal Value (TV)= FCF2032 (1 + g) (r g) = US$16b (1 + 2.1%) (8.1% 2.1%) = US$277b

Present Value of Terminal Value (PVTV)= TV / (1 + r)10= US$277b ( 1 + 8.1%)10= US$127b

The total value is the sum of cash flows for the next ten years plus the discounted terminal value, which results in the Total Equity Value, which in this case is US$208b. To get the intrinsic value per share, we divide this by the total number of shares outstanding. Relative to the current share price of US$344, the company appears a touch undervalued at a 24% discount to where the stock price trades currently. Remember though, that this is just an approximate valuation, and like any complex formula - garbage in, garbage out.

The calculation above is very dependent on two assumptions. The first is the discount rate and the other is the cash flows. Part of investing is coming up with your own evaluation of a company's future performance, so try the calculation yourself and check your own assumptions. The DCF also does not consider the possible cyclicality of an industry, or a company's future capital requirements, so it does not give a full picture of a company's potential performance. Given that we are looking at Adobe as potential shareholders, the cost of equity is used as the discount rate, rather than the cost of capital (or weighted average cost of capital, WACC) which accounts for debt. In this calculation we've used 8.1%, which is based on a levered beta of 1.007. Beta is a measure of a stock's volatility, compared to the market as a whole. We get our beta from the industry average beta of globally comparable companies, with an imposed limit between 0.8 and 2.0, which is a reasonable range for a stable business.

Although the valuation of a company is important, it ideally won't be the sole piece of analysis you scrutinize for a company. DCF models are not the be-all and end-all of investment valuation. Rather it should be seen as a guide to "what assumptions need to be true for this stock to be under/overvalued?" If a company grows at a different rate, or if its cost of equity or risk free rate changes sharply, the output can look very different. Why is the intrinsic value higher than the current share price? For Adobe, we've compiled three essential items you should look at:

PS. The Simply Wall St app conducts a discounted cash flow valuation for every stock on the NASDAQGS every day. If you want to find the calculation for other stocks just search here.

Find out whether Adobe is potentially over or undervalued by checking out our comprehensive analysis, which includes fair value estimates, risks and warnings, dividends, insider transactions and financial health.

Have feedback on this article? Concerned about the content? Get in touch with us directly. Alternatively, email editorial-team (at) simplywallst.com.

This article by Simply Wall St is general in nature. We provide commentary based on historical data and analyst forecasts only using an unbiased methodology and our articles are not intended to be financial advice. It does not constitute a recommendation to buy or sell any stock, and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Simply Wall St has no position in any stocks mentioned.

See the article here:
Adobe Inc.'s (NASDAQ:ADBE) Intrinsic Value Is Potentially 32% Above Its Share Price - Simply Wall St

Chinese police have been investigating a crash involving a Tesla Model Y in which a motorcyclist and a high-school girl died and three people were injured when the driver lost control of the vehicle last November.

At the time, Tesla said videos showed the cars brake lights were not on while it was speeding and data showed issues such as there being no action to step on the brakes throughout its journey.

In February around 360,000 Teslas were recalled in the US over fears that its so-called Full Self-Driving (FSD) software could send cars speeding through junctions and traffic lights.

The US National Highway Traffic Safety Administration ordered a mandatory software update to adjust the FSD software. The company said it disagreed with the NHTSAs view but would implement the update anyway out of an abundance of caution.

Last year the Elon Musk-owned electric car company was the most recalled automotive brand in the US, according to Autoweek magazine, with recalls including remote software updates.

Mr Musk has previously described official use of the word recall as including software updates where affected cars are remotely updated as anachronistic and just flat wrong.

The FSD software cannot be activated in the UK.

Ford launched Britains first hands-free car in April, with its Mustang Mach-E being approved by the Department for Transport for use on UK roads.

The companys BlueCruise system only works on motorways. It keeps cars within lanes and automatically adjusts speeds in accordance with signs and surrounding traffic.

Go here to see the original:
Tesla forced to recall 1 million cars over braking risk fears - The Telegraph

RIB Software, a multinational providing innovative technology solutions to the architecture, engineering and construction (AEC) industry, has partnered withBuilding Transparency, a non-profit organisation that has developed a free and open access tool targeted at reducing the impact of embodied carbon and making the industry more efficient and sustainable.

RIB BACKS EMBODIED CARBON MEASUREMENT TECHNOLOGY TO IMPROVE THE BUILDING INDUSTRYS SUSTAINABILITY

This advertisement has not loaded yet, but your article continues below.

This is particularly useful to construction material procurers, developers, contractors, and policymakers alike. By being able to measure the amount of embodied carbon within production materials, these stakeholders are empowered to evaluate a projects overall carbon emissions and utilise that information to procure low-carbon material alternatives or, in the case of regulators, set embodied carbon limits.

This advertisement has not loaded yet, but your article continues below.

Addressing the building industrys environmental impact

Working in a sustainable manner is critical to the future prosperity of the world. The continued disregard for the negative and potentially disastrous effects of greenhouse-gas emissions, pollutants and other environmentally unsafe practices must be addressed.

This advertisement has not loaded yet, but your article continues below.

Partnership speaks to core purposes

There is a need to actionably and urgently reduce the carbon footprint of the AEC industry. Knowledge is power and integrating technology such as EC3 into the workings of the sector provides critical decision-makers with the tools and data needed to effectively evaluate and understand the true carbon footprint associated with their projects. Armed with this, they will be able to chart tangible targets and collectively help minimise the industrys impact on the environment. We all have a role to play in building a more sustainable world, says Stacy Smedley, Executive Director of Building Transparency.

Throughout our 60-year history, transformative digital technologies have enabled RIB to manage entire project lifecycles, ensuring that projects are completed on time, within budget, to high-quality standards and importantly while reducing carbon footprints. Our partnership with Building Transparency will expand our portfolio of software solutions,enabling us to continually propel the global industry forward toward achieving its sustainability targets, concludes Ren Wolf, RIB CEO.

This advertisement has not loaded yet, but your article continues below.

Sustainable solutions are at the heart of everything we do

With more than 550,000 users and 2,600 talents, RIB aims to connect people, processes and data in innovative ways. That includes supporting the development and availability of world-leading solutionsthat empower industry professionals to quantify, measure, report on and compare embodied carbon across the project lifecycle. In-progress development sees RIBs solutions ultimately enabling better design and procurement decisions factoring in cost, time and carbon in order to mitigate and eliminate embodied carbon used across the life of a building. From planning to construction, to operation and maintenance, RIB is placing people, sustainability and industry best practices at the heart of everything it does.

ENDS

Attachment

View original post here:
RIB backs embodied carbon measurement technology to improve the building industry's sustainability - Financial Post