Open source software is deeply woven into modern embedded development. From compilers and build systems to networking stacks and device libraries, it enables teams to move faster and innovate more efficiently. But speed introduces tradeoffs. The same open source...
If you’ve ever run an SBOM tool on a C/C++ codebase and gotten results that felt wrong, you’re not imagining it. Teams evaluating tools like Black Duck, Syft, Trivy, and FOSSA on embedded projects routinely find that outputs are incomplete, inconsistent,...
If you’re running a proof of concept on Software Bill of Materials (SBOM) tooling for C/C++, you’ve probably already discovered that vendor demos don’t tell you much. Tools that look capable in a sales presentation frequently fall apart when pointed...
How do you protect critical infrastructure—the systems that keep the lights on, water flowing, and communities functioning—from threats that span cyberspace, geopolitics, and emerging technology? That’s the question host Paul Ducklin explored with Joseph M. Saunders,...
AI is now woven into the everyday workflows of embedded engineers. It writes code, generates tests, reviews logs, and scans for vulnerabilities. But the same tools that speed up development are introducing new risks—many of which can compromise the stability of...
Key Takeaways: The 2025 SBOM minimum elements represent significant progress since the 2021 baseline. New fields, such as license, hashes, and generation context, push SBOMs beyond check-the-box compliance. Licensing data closes a critical blind spot in software supply...