Archive for the ‘Free Software’ Category

DOD plans free software tools to support cyber compliance by small … – FCW.com

As the Defense Department focuses on increasing the number of small contractors in the defense industrial base, its Office of Small Business Programs is working on a series of software tools it plans to provide to industry to make it easier to do business with the federal government.

Speaking at an enterprise information technology event hosted by AFCEA's northern Virginia chapter Thursday, Farooq Mitha, director of the Pentagon's Office of Small Business Programs, said the office would be releasing a series of software tools later this year to assist on everything from better market intelligence for the acquisition workforce to operation security for small businesses.

Mitha said the latter will become increasingly important as the DOD continues to develop its Cybersecurity Maturity Model Certification regulation, which would require contractors to possess certain levels of cybersecurity to compete for defense contracts.

"When I first came into this job, a company said to me, 'Hey, DOD is rolling out CMMC, and I'm not going to be able to comply with this. It's costly, there are a lot of different levels and it's a barrier to entry,'" he said. "I wanted to make sure we were helping companies, at the earliest stage possible, get the resources they need to comply with not just CMMC, but the current [National Institute of Standards and Technology] 800-171 requirements."

Mitha said the rulemaking process for the anticipated regulation is still being developed following its revision in 2021, but that his office, through its Project Spectrum education and training initiative, would be deploying free downloadable tools "in the coming months" for small contractors handling the controlled unclassified information that CMMC is intended to protect.

"I think that small business operational security is critical," he said. "When you [have] cyber and other types of intrusions, you lose [intellectual property], you have financial losses, we lose government data and nobody wins. So it's on us to protect you."

He added that the Office of Small Business Programs is still working out the details of a possible cost-sharing model with industry to determine what features the DOD would fund and what companies would pick up, but the goal would be to help small businesses secure their systems and offset some of the compliance cost burden they would face under CMMC.

Those forthcoming tools complement resources the Pentagon is already providing through Project Spectrums website, such as cyber readiness training, tool reviews, free access to cyber advisors and other resources.

Outside of the CMMC compliance efforts, Mitha said the Office of Small Business Programs was also working on new software tools to provide better market intelligence to the Pentagon's acquisition workforce.

"If we want to go out and find not companies that are just in the DOD marketplace, not just in the federal government marketplace, but new entrants, companies that have only been commercial business, we need to do better market research," he said.

The new tools, expected to debut later this year, will support small business professionals, contracting officers, program managers and others to provide a wider view of the federal government and commercial landscape to identify more potential companies to do business with.

Small business participation has declined precipitously in the past decade, with the number of small companies receiving a federal contract in fiscal 2022 representing roughly half of the 121,270 received in fiscal 2010.

A DOD memo earlier this year instructed officials to prioritize small business goals and contracting opportunities over best in class contract goals.

Read more from the original source:
DOD plans free software tools to support cyber compliance by small ... - FCW.com

‘Vehicular crime wave’: Baltimore suing Kia and Hyundai over lack of anti-theft tech – WBAL TV Baltimore

Baltimore City is suing Hyundai and Kia in federal court for actions the city says are fueling a "vehicular crime wave."

The lawsuit, filed Thursday, claims the business decision by the automakers to not equip vehicles with anti-theft technology is behind the city's massive spike in car thefts.

"Well, they should have provided it. Everyone else seems to provide it," said Hyundai owner John Simms.

Thefts of those vehicles continue to trend in Maryland. Baltimore City police said car thefts are up 95% compared to this time last year, with Kias and Hyundais making up more than 40% of those stolen vehicles.

"It does make neighborhoods less safe, and that's everywhere, not just in the Medfield area or the city itself," Simms said.

The suit argues that the crime has put residents' property and lives at risk, and drained city coffers in an attempt to stem the rising crime trend.

"It's everywhere, and they should take responsibility for that," Simms said.

Baltimore City joins a growing number of cities nationwide, including St. Louis, San Diego, Milwaukee and Seattle, who are suing the two car manufacturers.

Kia America sent 11 News a statement in response to the legal action, reading in part, "Lawsuits against Kia by municipalities are without merit. Kia has been and continues to be willing to work cooperatively with law enforcement agencies in the greater Baltimore area to combat car theft and the role social media has played in encouraging it."

Hyundai's response pointed out they have followed all federal requirements. Instead, it blamed thieves for spreading the "how to" on social media, and made no mention of the lawsuits.

Both Hyundai and Kia have rolled out a free software patch that they said will make the cars harder to steal.

Kia sent a statement to 11 News, saying: "Kia remains deeply concerned that car theft targeting certain models -- encouraged by social media content promoting criminal conduct -- is an issue. To address these crimes, we continue to roll out a free, enhanced security software upgrade to restrict the unauthorized operation of vehicle ignition systems and we are also providing steering wheel locks for impacted owners at no cost to them.

"To date, Kia has contacted close to 3 million owners and lessees of Kia vehicles -- covering over 90% of affected vehicles -- to let them know of the availability of the software upgrade, and more than 230,000 eligible customers have already had the upgrade installed.

"Furthermore, in addition to supplying more than 44,000 free steering wheel locks to over 330 law enforcement agencies across the country for distribution to impacted Kia owners -- including over 1450 locks to police departments in the Baltimore area -- we have shipped over 16,000 locks directly to impacted owners as well. We will continue to provide additional free locks as they are needed.

"All Kia vehicles are subject to and comply fully with the requirements outlined in applicable Federal Motor Vehicle Safety Standards, including FMVSS 114 that governs theft protection measures.

"Lawsuits against Kia by municipalities are without merit. Kia has been and continues to be willing to work cooperatively with law enforcement agencies in the greater Baltimore area to combat car theft and the role social media has played in encouraging it.

"Customers should visit https://ksupport.kiausa.com/ConsumerAffairs/SWLD for more information on their eligibility for the upgrade or to learn more about directly obtaining a steering wheel lock."

See the original post:
'Vehicular crime wave': Baltimore suing Kia and Hyundai over lack of anti-theft tech - WBAL TV Baltimore

Former Apple Executive Named GM’s Head of Software. – Inside Radio

General Motors is serious about not ceding control of the dashboard to Apple or anyone else.

On Tuesday, the Detroit automaker announced it had hired former Apple executive Mike Abbott to be its new Executive VP of Software effective May 22. Abbott will report to GM Chair and CEO Mary Barra.

"Mike's experience as a founder and entrepreneur coupled with his proven track record creating and delivering some of the market's most compelling software-defined solutions for consumers and companies make him an excellent fit at GM," Barra said.

At Apple, Abbott was VP of the Cloud Services division and led a team responsible for the development of infrastructure for all of Apple's cloud-based services, including iCloud, iMessage, Private Relay, Mail and account security.

GM's effort to move away from Apple and Android began in March, when it told business website Ars Technica it would no longer support Apple CarPlay and Android Auto in new EVs.

The manufacturer of Chevrolet, Buick and Cadillac said vehicles already on the market, as well as gasoline- and diesel-powered GM vehicles to be released over the next few years, will not be affected.

Abbott will lead a new integrated end-to-end software organization focused on the... delivery of digital services and features to retail and commercial customers, GM said in a written statement.

Abbott's newly created team will bring together three distinct software functions within GM: Software Defined Vehicle and Operating System; Information and Digital Technology; and Digital Business.

GM is moving away from phone projection to offer customers a more integrated solution that will have Google Maps, Google Assistant, Audible, Spotify and other applications run natively on its vehicles' infotainment systems.

According to Automotive News, 98% of new vehicles now come with CarPlay and 79% of buyers only consider CarPlay-capable vehicles when shopping for new cars.

Ars Technica reported the first new GM electric vehicle to launch without phone projection will be the 2024 Chevrolet Blazer EV, which is expected to hit showrooms later this year, and the Chevrolet Equinox EV.

Abbott also served as a Visiting Scholar at Stanford's Artificial Intelligence Lab (SAIL), focused on computer vision. Previously, he served as general partner at Kleiner Perkins Caufield & Byers, focused on investments in mobile and cloud-computing sectors. Abbott has also led teams at Twitter, Palm and Microsoft.

Link:
Former Apple Executive Named GM's Head of Software. - Inside Radio

5 SBOM tools to start securing the software supply chain – TechTarget

Securing the software supply chain has become increasingly important over the last few years in response to numerous high-profile attacks targeting it, such as Sunburst, Log4j and Heartbleed.

One method growing in popularity is to use a software bill of materials (SBOM). Like a manufacturing-based bill of materials, an SBOM lists all the software components used to create a specific application. SBOMs include the following:

By understanding what is used within deployed software, organizations can quickly find and patch any vulnerabilities in it before malicious actors can take advantage of them.

Many companies offer products to help organizations build their SBOM. The following are five SBOM vendors worth considering.

Anchore offers proprietary software and open source options for SBOM generation. Smaller organizations can use its two open source tools to help with SBOM generation: Syft, a command-line tool, and Grype, a vulnerability scanning tool. Syft creates an SBOM using container images and file systems, while Grype searches for vulnerabilities within the images and file systems. The tools can be used together within the software development lifecycle (SDLC) and be kept in the same centralized repository. Anchore products support multiple SBOM formats, including CycloneDX and Software Package Data Exchange.

The company also offers Anchore Enterprise for large and enterprise organizations. With this tool, companies can generate SBOMs at each stage in the development process that list every software component, including direct and transitive dependencies.

Anchore Enterprise is available in Team, Business, Ultimate and Ultimate+ tiers. Contact the company for pricing.

Vulnerability management vendor Fossa offers an open source SBOM tool that can work alongside its vulnerability management product. It enables software developers to get an accurate view of interdependencies among the various code modules and third-party licenses used in the development of a project. Fossa's vulnerability management tool can then be used to detect security vulnerabilities that could be introduced into the SBOM. For example, it limits false positives and detects fake licensing entries. The tool also alerts teams when a breach is detected. The Fossa API connects to a database of open source projects and metadata to offer teams detailed statistics and updates.

One of Fossa's biggest strengths is that it is compatible with popular version control platforms, including GitHub and GitLab.

Fossa is available in three tiers: Free, Business for $52 per month or Enterprise. Contact Fossa for a customized Enterprise quote.

Mend.io, formerly WhiteSource, offers SBOM generation capabilities as part of its software composition analysis tool, Mend SCA. The tool helps identify open source libraries in use and documents each component and its dependencies.

The tool's key strengths include an undivided focus on vulnerability remediation, scalability, false positive detection and automatic SBOM updates.

Users can request a free trial. Pricing for Mend SCA Advanced starts at $16,000 per year for 20 software developers; Mend Static Application Security Testing Advanced starts at $16,000 per year for 20 developers; Mend SCA and SAST Advanced start at $24,000 per year for 20 developers; and Mend Premium Package is designed for companies with more than 500 developers. Contact the company for pricing.

Rezilion, which caters to DevSecOps teams, offers an SBOM generation tool called Dynamic SBOM. This tool gives software development teams complete visibility into all the software components used in the creation of a project. Teams can ascertain and remediate any vulnerabilities that may occur in the course of the SDLC. Dynamic SBOM also provides the ability for real-time monitoring and updating.

Rezilion offers a free Basic tier, which provides unlimited SBOM generation and limited vulnerability scans and analysis. Premium and Enterprise tiers are also available. Contact the company for pricing.

Vigilant Ops' InSight Platform is a SaaS-based SBOM tool designed for healthcare, energy, manufacturing and similar industries. It offers SBOM compliance certification for auditing and keeping SBOMs up to date with component updates, as well as component validation, SBOM management and distribution, and automated vulnerability discovery. With the SBOM tool, teams can also create a component listing for legacy tools.

Vigilant Ops offers a free trial for SBOM generation. Contact the company for InSight Platform pricing.

Excerpt from:
5 SBOM tools to start securing the software supply chain - TechTarget

Stocks making the biggest moves midday: Peloton, Beyond Meat, Alphabet, PacWest & more – CNBC

Check out the companies making the biggest moves midday:

Peloton: The fitness platform operator saw shares drop 8.9% after the U.S. Consumer Product Safety Commission said it's recalling more than 2 million bikes over concerns about seat breakages and related injuries. Peloton will offer free, updated seat posts to anyone using the recalled model.

Alphabet: Shares added 4.31% a day after Google unveiled new software and gadgets at its developer conference. The tech giant also said it is eliminating the waitlist for its chatbot Bard.

PacWest Bancorp: The regional bank's stock sank 22.7% after the company said deposits dropped 9.5% for the week ended May 5. Other regional bank shares followed suit, with Western Alliance and First Horizon shedding 7.3% and 3.2%, respectively.

Beyond Meat: Shares tumbled 18.27% after the alternative meat manufacturer said it plans to sell up to $200 million of its common stock. The company said it intends to use the proceeds for general corporate and working capital purposes. The announcement came after Beyond Meat reported a first-quarter earnings-per-share loss that was less than expected.

Disney: Disney shares tumbled 8.73% after the media company reported a drop in streaming subscribers. The entertainment giant also reported revenue and earnings in line with Wall Street's estimates, according to Refinitiv.

Icahn Enterprises: Shares of Carl Icahn's conglomerate slid another 1.77% after notable short seller Hindenburg Research doubled down on its short-selling campaign against the company following its quarterly report. Icahn Enterprises reported a net loss of $270 million in the first quarter, with its hedge fund losing 4.1% during the period. It declared a $2 per share quarterly dividend.

AppLovin: Shares popped 23.53% following the company's first-quarter revenue beat. Revenue was $715.4 million, compared to the $694.8 million expected, per StreetAccount. AppLovin's second-quarter guidance also topped expectations.

Goodyear Tire & Rubber: The tire manufacturer's stock soared 21.42% after Elliott Investment Management sent a letter and presentation to the company. Elliott, which has about a 10% stake in Goodyear, said the purpose was to "outline the right path forward to create value at Goodyear and realize its full potential."

Unity Software: Shares rallied about 12.94% after the video game software developer reported its first-quarter results. Unity Software's revenue of $500 million beat the $480 million expected from analysts polled by Refinitiv. The company also raised its full-year revenue outlook.

Tapestry: Shares of the Coach parent jumped 8.27% after the company reported stronger-than-expected earnings and revenue for its latest quarter. It also issued upbeat guidance for the year that topped estimates.

Robinhood: The stock added 6.39% after the brokerage reported better-than-expected revenue for the first quarter. Its first-quarter revenue came in at $441 million, versus analyst estimates of $425 million, according to Refinitiv. Robinhood also showed growth of monthly users, which hit 11.8 million.

Sonos: Shares plunged 23.69% on the back of disappointing quarterly results. The company reported an adjusted loss of 24 cents per share, while analysts polled by Refinitiv expected a loss of 18 cents per share. The home sound systems manufacturer also reduced its guidance for the second half of the 2023 fiscal year amid weakening consumer demand and channel partner inventory tightening.

JD.com: The U.S.-listed shares of JD.com advanced 7.21% after the Chinese tech firm beat analysts' first-quarter expectations on the top and bottom lines. JD.com reported earnings of CNY4.76 per share, exceeding consensus estimates of CNY3.53. Revenue came in at CNY242.96 billion, higher than expectations of CNY240.81 billion. Separately, JD.com said that Sandy Ran Xu, who is the company's current CFO, has been appointed to succeed Lei Xu as CEO and executive director.

Axon Enterprise: Axon Enterprise gained 6.16% after JPMorgan said the pullback in the stock following its first-quarter results on Tuesday is a buying opportunity. The Taser maker slid 15% on Wednesday after reporting some disappointing total gross margin figures, even as it otherwise beat analysts' expectations.

Albemarle: The chemical manufacturing stock added 2.06% after being upgraded by Keybanc to overweight from sector weight, citing improving trends in China's lithium market.

CNBC's Tanaya Macheel, Hakyung Kim, Yun Li, Alex Harring, Samantha Subin and Sarah Min contributed reporting.

Read this article:
Stocks making the biggest moves midday: Peloton, Beyond Meat, Alphabet, PacWest & more - CNBC