ACES (accelerated cognitive engagement system) can embed any eLearning content to provide richer user experiences and capture real-time skill gap analysis.

Nermine Aladdin Mahmoud is a Computer Science instructor at the Southern Alberta Institute of Technology

Trusted data collection platform brings new AI products to the market: simplifying business processes and enhancing productivity in the field.

Celia Ann Milano is a respected leader in the military information technology sector and a prosperous researcher and author

Brent M. Dingle, PhD lends years of expertise to his work with RTX and Raytheon

Brian Theory lends years of expertise to his work with NASA

To deliver more and better digital entertainment tools, Moyea Software just added its product lineups by introducing a brand-new online video downloader - Moyea Downloader to help users freely enjoy online videos offline without any limit.

Tarang Bhargava serves as a senior software development engineer at SAP Concur

NdotLight is a startup that conducts SaaS business that provides 3D design software and a self-developed 3D modeling engine in the form of a software development kit (SDK).

When VideoByte BD-DVD Ripper released its latest updated version, the Blu-ray/DVD ripping process now becomes to be more professional and efficient. See how it helps to boost the process for us.

Leawo just released the latest version of Prof. Media for Mac v13.0.3. This new update fixed audio missing issue in 5.1 Audio AAC output, and the issue of disc menu template turning to be only 5-second long after adding custom menu background.

Rexalto Inc., has announced the launch of an AI dynamic pricing engine for the US automotive and rental market

Al Nabooda Automobiles, one of the major players in the Arab Emirates and Middle East automotive market, utilizing Rexalto Inc. white label IT solution to enhance its position in the digital corporate sales and subscription segment.

Mango Animate's whiteboard animation software allows users to create professional videos easily, changing the game by simplifying the video creation process.

Jason Indelicato, the esteemed CEO of Vantage Custom Software, is an industry leader driving the next wave of digital transformation

Fashion Dot showcased its advanced tailoring CAD software and laser cutting machines at GTE 2024. These machines allow tailors to input measurements and auto-generate cutting diagrams, improving accuracy, reducing costs, and eliminating manual work. The company offers customer support and regularly updates its software to include new garment models.

The fastest and simplest route to becoming a software engineer with little cost.

By enabling greater productivity and accelerated software development timelines, no code/low code is on the rise.

PeerGFS improves productivity and availability while minimizing recovery time in disaster scenarios

Luggage repair and claims specialist selects Rootstock Manufacturing Cloud ERP to transform global operations and support future growth??

Creatio works to transform legacy processes that impact enterprise productivity

  Cryptic Studios is an industry leader in the development of free-to-play massively multiplayer role-playing games on PC and console including Champions Online, Star Trek Online, and Neverwinter.  We bring these popular properties to life with innovative gameplay mechanics, gorgeous graphics, and impressive sound to create an engaging and immersive player experience.  We have adopted a flexible work policy that allows options for onsite work in our Los Gatos, CA studio or fully remotely from anywhere throughout the US. Come and join us! Cryptic Studios is currently seeking a Staff Core Software Engineer.  The creation and operation of massive multiplayer online games requires a wide range of innovative technologies.  As a Core Software Engineer, you can help define and drive improved workflows and engine features for Cryptic’s game development teams.   Every day you could be: * Collaborating with world-class artists, designers, and engineers to build game systems and powerful tools for the creation of fantastic virtual worlds and gameplay. * Extending systems to meet the ever-changing needs of a massively multiplayer online game. * Upgrading our workflows to improve team productivity and enhance content for customers. * Analyzing performance of key systems and refactoring or re-implementing them to perform and scale better under load. * Working in a custom, state of the art, client-server game engine and tool suite. * Researching and introducing new technologies to all engineers and management.     Systems you might work on     * Core components of Cryptic's game client/server architecture, including simulation technologies (AI, cloth, movement, physics), and audio/visual technologies (animation, audio, visual effects). * The many in-engine tools used to build content for our games. * Integration with platforms such as Xbox Live, PlayStation Network, Steam, and Epic. * Internal improvements to keep up with the latest software development tools * Graphics team support   What we need to see: * 5+ years of experience programming and debugging. * 1+ year of professional experience programming and debugging with C/C++. * Solid understanding of pointers and memory management. * Working knowledge of asynchronous systems such as multi-threaded or multi-process systems. * Ability to work comfortably within a large pre-existing code base * A passion for delivering great work. * Clear and concise communication skills. * Bachelor's degree in Computer Science or related field (or equivalent experience). * Must be eligible to work in the United States.   What we’d like to see: * Experience in the video game industry and with MMO’s is a huge plus! * Worked on a team developing software that shipped in a finished product. * 2+ years of game development experience. * In-depth knowledge of and experience with games.   C/C++ Programming Cryptic’s software engineers work almost exclusively in a high performance, cross-platform C/C++ code base.  In addition to problem solving skills, this job requires a high degree of proficiency with pointers and memory management and the interview process will test for these skills. (Java and C# are not utilized in this job.)   What Cryptic Offers * Remote Work Options - Anywhere Within The US * A fun tight-knit team where your contributions will have a major impact * Full-Time role * Paid Holiday, Sick Time & Paid Time off * Health Insurance & Perks: Medical, Dental, Vision * Company social events  * Pet-Friendly Environment  

  Cryptic Studios is an industry leader in the development of free-to-play massively multiplayer role-playing games on PC and console including Champions Online, Star Trek Online, and Neverwinter.  We bring these popular properties to life with innovative gameplay mechanics, gorgeous graphics, and impressive sound to create an engaging and immersive player experience. We have fully embraced a flexible work policy that allows options for onsite work in our Los Gatos, CA studio or fully remotely from anywhere throughout the US. Come and join us! Cryptic Studios is currently seeking a Staff Infrastructure Software Engineer. The creation and operation of massive multiplayer online games requires a wide range of innovative technologies. As an Infrastructure Software Engineer, you can contribute to advancing the state of the art in back-end systems for online games.   Every day you could be * Working in a team of very talented software engineers to architect, build and maintain exceptional game play systems. * Analyzing game systems to improve game play experiences for players. * Working with operations staff to design and implement new features that will improve the reliability and efficiency of operating Cryptic's games. * Working with game development teams and game engine teams to bring their ideas to live in high performance back-end systems. * Analyzing performance of key systems and refactoring or re-implementing them to perform and scale better under load. * Working in a custom, state of the art, client-server game engine and tool suite. * Developing and extending systems to meet the ever-changing needs of a massively multiplayer online game. * Upgrading our workflows to improve team productivity and enhance content for customers. * Researching and introducing new technologies to all engineers and management.   Systems you might work on * Core components of Cryptic's game server architecture, ranging from gameplay servers, to social systems (such as friends management, chat, and teaming) to economic systems (such as auction). * Integration with platforms such as Xbox Live, PlayStation Network, and Steam. * Entitlement management systems, ranging from designing micro-transactions, through the purchase flows, to tracking and reporting on game monetization. * Management tools for Cryptic's private server cloud, ranging from deployment tools to operational telemetry. * Asset management ranging from internal tracking of game assets to large scale cloud deployment of the game to customers. * Cryptic's custom built NoSQL object database that optimizes for write-mostly, read-rarely use patterns.   What we need to see * 5+ years of experience programming and debugging. * 1+ year of professional experience programming and debugging with C/C++. * Solid understanding of pointers and memory management. * Working knowledge of asynchronous systems such as multi-threaded or multi-process systems. * Ability to work comfortably within a large pre-existing code base * A passion for delivering great work. * Clear and concise communication skills. * Bachelor's degree in Computer Science or related field (or equivalent experience). * Must be eligible to work in the United States.   What we’d like to see * 2+ years of experience with networking, including sockets, ports, firewalls, packet capture, etc. * Familiarity with web services mechanics such as REST, JSON-RPC, etc. * In-depth knowledge of and experience with games. * Experience in the video game industry and with MMO’s is a huge plus!   C/C++ Programming * Cryptic’s software engineers work almost exclusively in a high performance, cross-platform C/C++ code base.  In addition to problem solving skills, this job requires a high degree of proficiency with pointers, memory management, and performance optimization. The interview process will be testing you for these skills. (Java, C# and other high-level languages will not be utilized in this job.)   What Cryptic Offers * Remote Work Options - Anywhere Within The US * A fun tight-knit team where your contributions will have a major impact * Full-Time role * Paid Holiday, Sick Time & Paid Time off * Health Insurance & Perks: Medical, Dental, Vision * Company social events  * Pet-Friendly Environment      

There is nothing more wonderful than exploring new tools or ways for something you are passionate about.

Before the turn of the new millennium, development teams could get away with supporting two platforms: Windows and the web. Today, there are dozens, with more created monthly. As a result, teams struggle to manage vendor, device, and platform fragmentation. To fully realize the potential of virtual reality, the Internet of Things, and other platforms […]

The post The future of software development Is automation first appeared on TECH Intelligence and is written by Aidan Cunniffe.

Top home design software for real estate pros: explore features, benefits, and tips to streamline project planning, design, and budgeting.

Understanding the software that powers a website can be invaluable for web developers, digital marketers, and business owners alike when they want to analyze their competition. The process of building and maintaining a website is ongoing; it involves constant updates, feature enhancements, and user experience improvements. As you navigate the digital landscape, you may find […]

The post 3 Tools That Will Let You Examine What Software Your Competitors’ Websites Are Built With appeared first on Designer Daily: graphic and web design blog.

I spent the better part of the twenty-teens working as a software developer/engineer. To be honest, I paid very little attention to intentional professional growth during most of that span. We were a relatively small company, and I lacked the confidence and experience to think ambitiously. Being a great software engineer can be satisfying and …

The post What does it take to be a great software engineer? appeared first on Nathan Rice.

The emergence of AI software in the field of architecture and design has sparked a significant shift in how professionals approach their work. With advancem ...

For software companies competing in today’s digital marketplace, simply having an online presence isn’t enough. To capture the attention of your target audience and engage them throughout your sales funnel, you need to develop and deploy a strategic, comprehensive, and consistent digital marketing plan. Digital marketing is not just about visibility — it’s about establishing […]

The post The Most Effective Digital Marketing Strategies for B2B Software Companies appeared first on 3.7 Designs.

Launching a new B2B software product requires a different approach than traditional go-to-market strategies. The business model you choose should align with varying types of products and market conditions, as it significantly influences overall sales success and the structuring of sales teams. The software space is crowded, and your potential customers are likely already using […]

The post From Research to Revenue: A Complete Guide to B2B Software GTM appeared first on 3.7 Designs.

The post How to Use Surfer SEO’s Scoring Software to Rank Higher in Google (+ a Few Tips and Tricks to Raise Your Scores) appeared first on DailyBlogTips.com.

BOSTON, Massachusetts, USA -- Thursday, November 30, 2023 -- The Free Software Foundation (FSF) announced today that EmacsConf will join the Working Together for Free Software Fund. The one and only conference dedicated to the joy of Emacs is joining just before their event on December 2 and 3, 2023.

BOSTON (October 8, 2024) -- The Free Software Foundation (FSF) has announced that it is taking part in the US National Institute of Standards and Technology (NIST)'s consortium on the safety of (so-called) artificial intelligence, particularly with reference to "generative" AI systems. The FSF will ensure the free software perspective is adequately represented in these discussions.

Welcome to the *Free Software Supporter*, the Free Software Foundation's (FSF) monthly news digest and action update -- being read by you and **231,236** other activists.

The Winamp Collaborative License included restrictions that rendered Winamp nonfree

Welcome to the Free Software Supporter, the Free Software Foundation's (FSF) monthly news digest and action update -- being read by you and 231,355 other activists.

We're planning a jam-packed anniversary year and we hope you'll join us for the festivities!

The rise of distributed software teams has fundamentally transformed how we approach software development. With technology evolving, so does our ability to connect and collaborate across borders, time zones, and cultural barriers. The article will venture into the fascinating world of distributed software development and provide you with the most effective strategies and best practices […]

The post Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams appeared first on 404 Tech Support.

Sophia Antipolis, 2 February 2023

ETSI, the organization for globally applicable standards for information and communication technology (ICT), has adopted a new instrument, Software Development Groups (SDGs). This game-changing move will help ETSI adapt to the ever-evolving landscape of technology and standards development. Developing software to accompany standards will accelerate the standardization process, providing faster feedback loops and improving the quality of standards.

Read More...

Sophia Antipolis, 25 July 2023

ETSI is proud to announce the establishment of its first Software Development Group, called OpenSlice. With this group, ETSI positions itself as a focal point for development and experimentation with network slicing.

Read More...

Sophia Antipolis, 9 November 2023

ETSI is delighted to announce the establishment of a new Software Development Group, called OpenCAPIF. OpenCAPIF is developing an open-source Common API Framework, as defined by 3GPP, allowing for secure and consistent exposure and use of APIs.

Read More...

Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.

Dive into six things that are top of mind for the week ending Oct. 25.

1 - CSA: How to prevent “shadow AI” 

As organizations scale up their AI adoption, they must closely track their AI assets to secure them and mitigate their cyber risk. This includes monitoring the usage of unapproved AI tools by employees — an issue known as “shadow AI.”

So how do you identify, manage and prevent shadow AI? You may find useful ideas in the Cloud Security Alliance’s new “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper.

The white paper covers shadow AI topics including:

• Creating a comprehensive inventory of AI systems
• Conducting gap analyses to spot discrepancies between approved and actual AI usage
• Implementing ways to detect unauthorized AI wares
• Establishing effective access controls
• Deploying monitoring techniques

“By focusing on these key areas, organizations can significantly reduce the risks associated with shadow AI, ensuring that all AI systems align with organizational policies, security standards, and regulatory requirements,” the white paper reads.

For example, to create an inventory that offers the required visibility into AI assets, the document explains different elements each record should have, such as:

• The asset’s description
• Information about its AI models
• Information about its data sets and data sources
• Information about the tools used for its development and deployment
• Detailed documentation about its lifecycle, regulatory compliance, ethical considerations and adherence to industry standards
• Records of its access control mechanisms

Shadow AI is one of four topics covered in the publication, which also unpacks risk management; governance and compliance; and safety culture and training.

To get more details, read:

• The full “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper
• A complementary slide presentation
• The CSA blog “Shadow AI Prevention: Safeguarding Your Organization’s AI Landscape”

For more information about AI security issues, including shadow AI, check out these Tenable blogs:

• “Do You Think You Have No AI Exposures? Think Again”
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood”
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach”
• “6 Best Practices for Implementing AI Securely and Ethically”
• “Compromising Microsoft's AI Healthcare Chatbot Service”

2 - Best practices for secure software updates

The security and reliability of software updates took center stage in July when an errant update caused massive and unprecedented tech outages globally.

To help prevent such episodes, U.S. and Australian cyber agencies have published “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers.”

“It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements,” reads the 12-page document.

Although the guide is aimed primarily at commercial software vendors, its recommendations can be useful for any organization with software development teams that deploy updates internally.

The guide outlines key steps for a secure software development process, including planning; development and testing; internal rollout; and controlled rollout. It also addresses errors and emergency protocols.

“A safe software deployment process should be integrated with the organization’s SDLC, quality program, risk tolerance, and understanding of the customer’s environment and operations,” reads the guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Australian Cyber Security Centre.

To get more details, read:

• The “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers” guide
• The CISA alert “CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes”

For more information about secure software updates:

• “Tenable’s Software Update Process Protects Customers’ Business Continuity with a Safe, Do-No-Harm Design” (Tenable)
• “The critical importance of robust release processes” (Cloud Native Computing Foundation)
• “Software Deployment Security: Risks and Best Practices” (DevOps.com)
• “Software Updates, A Double-Edged Sword for Cybersecurity Professionals” (Infosecurity)
• “DevOps Best Practices for Faster and More Reliable Software Delivery” (DevOps.com)

3 - Report: GenAI, attack variety, data security drive cyber strategies

What issues act as catalysts for organizations’ cybersecurity actions today? Hint: They’re fairly recent concerns. The promise and peril of generative AI ranks first. It’s closely followed by the ever growing variety of cyberattacks; and by the intensifying urgency to protect data.

That’s according to CompTIA’s “State of Cybersecurity 2025” report, based on a survey of almost 1,200 business and IT pros in North America and in parts of Europe and Asia. 

These three key factors, along with others like the scale of attacks, play a critical role in how organizations currently outline their cybersecurity game plans.

“Understanding these drivers is essential for organizations to develop proactive and adaptive cybersecurity strategies that address the evolving threat landscape and safeguard their digital assets,” reads a CompTIA blog about the report.

Organizations are eagerly trying to understand both how generative AI can help their cybersecurity programs and how this technology is being used by malicious actors to make cyberattacks harder to detect and prevent.

Meanwhile, concern about data protection has ballooned in the past couple of years. “As organizations become more data-driven, the need to protect sensitive information has never been more crucial,” reads the blog.

Not only are organizations focused on securing data at rest, in transit and in use, but they’re also creating foundational data-management practices, according to the report.

“The rise of AI has accelerated the need for robust data practices in order to properly train AI algorithms, and the demand for data science continues to be strong as businesses seek competitive differentiation,” the report reads.

To get more details, read:

• The report’s announcement “Cybersecurity success hinges on full organizational support, new CompTIA report asserts”
• CompTIA’s blogs “Today’s top drivers for cybersecurity strategy” and “Cybersecurity’s maturity: CompTIA’s State of Cybersecurity 2025 report”
• The full “State of Cybersecurity 2025” report

For more information about data security posture management (DSPM) and preventing AI-powered attacks, check out these Tenable resources:

• “Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources” (blog)
• “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” (on-demand webinar)
• “The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy” (blog)
• “Mitigating AI-Related Security Risks” (on-demand webinar)
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood” (blog)

4 - CISA lists software dev practices most harmful for security

Recommended best practices abound in the cybersecurity world. However, CISA and the FBI are taking the opposite tack in their quest to improve the security of software products: They just released a list of the worst security practices that software manufacturers ought to avoid.

Titled “Product Security Bad Practices,” the document groups the “no-nos” into three main categories: product properties; security features; and organizational processes and policies.

“It’s 2024, and basic, preventable software defects continue to enable crippling attacks against hospitals, schools, and other critical infrastructure. This has to stop,” CISA Director Jen Easterly said in a statement.

“These product security bad practices pose unacceptable risks in this day and age, and yet are all too common,” she added.

Here are some of the worst practices detailed in the document, which is part of CISA’s “Secure by Design” effort:

• Using programming languages considered “memory unsafe”
• Including user-provided input in SQL query strings
• Releasing a product with default passwords
• Releasing a product with known and exploited vulnerabilities
• Not using multi-factor authentication
• Failing to disclose vulnerabilities in a timely manner

Although the guidance is aimed primarily at software makers whose products are used by critical infrastructure organizations, the recommendations apply to all software manufacturers.

If you’re interested in sharing your feedback with CISA and the FBI, you can submit comments about the document until December 16, 2024 on the Federal Register.

To get more details, check out:

• CISA’s announcement “CISA and FBI Release Product Security Bad Practices for Public Comment”
• The full document “Product Security Bad Practices”

For more information about how to develop secure software:

• “Tenable Partners with CISA to Enhance Secure By Design Practices” (Tenable)
• “Ensuring Application Security from Design to Operation with DevSecOps” (DevOps.com)
• “What is application security?” (TechTarget)
• “Guidelines for Software Development (Australian Cyber Security Centre)

5 - New EU law focuses on cybersecurity of connected digital products

Makers of digital products — both software and hardware — that directly or indirectly connect to networks and to other devices will have to comply with specific cybersecurity safeguards in the European Union.

A newly adopted law known as the “Cyber Resilience Act” outlines cybersecurity requirements for the design, development, production and lifecycle maintenance of these types of products, including IoT wares such as connected cars.

For example, it specifies a number of “essential cybersecurity requirements” for these products, including that they:

• Aren’t shipped with known exploitable vulnerabilities
• Feature a “secure by default” configuration
• Can fix their vulnerabilities via automatic software updates
• Offer access protection via control mechanisms, such as authentication and identity management
• Protect the data they store, transmit and process using, for example, at-rest and in-transit encryption

“The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components (...) are made secure throughout the supply chain and throughout their lifecycle,” reads a statement from the EU’s European Council.

The law will “enter into force” after its publication in the EU’s official journal and will apply and be enforceable 36 months later, so most likely in October 2027 or November 2027. However, some of its provisions will be enforceable a year prior.

For more information and analysis about the EU’s Cyber Resilience Act:

• “Cyber Resilience Act Requirements Standards Mapping” (ENISA)
• “The Cyber Resilience Act, an Accidental European Alien Torts Statute?” (Lawfare)
• “EU Cybersecurity Regulation Adopted, Impacts Connected Products” (National Law Review)
• “Open source foundations unite on common standards for EU’s Cyber Resilience Act” (TechCrunch)
• “The Cyber Resilience Act: A New Era for Mobile App Developers” (DevOps.com)

VIDEO

The EU Cyber Resilience Act: A New Era for Business Engagement in Open Source Software (Linux Foundation) 

6 - UK cyber agency: CISOs must communicate better with boards

CISOs and boards of directors are struggling to understand each other, and this is increasing their organizations’ cyber risk, new research from the U.K.’s cyber agency has found.

For example, in one alarming finding, 80% of respondents, which included board members, CISOs and other cyber leaders in medium and large enterprises, confessed to being unsure of who is ultimately accountable for cybersecurity in their organizations.

“We found that in many organisations, the CISO (or equivalent role) thought that the Board was accountable, whilst the Board thought it was the CISO,” reads a blog about the research titled “How to talk to board members about cyber.”

As a result, the U.K. National Cyber Security Centre (NCSC) has released new guidance aimed at helping CISOs better communicate with their organizations’ boards titled “Engaging with Boards to improve the management of cyber security risk.”

“Cyber security is a strategic issue, which means you must engage with Boards on their terms and in their language to ensure the cyber risk is understood, managed and mitigated,” the document reads.

Here’s a small sampling of the advice:

• Understand your audience, including who are the board’s members and their areas of expertise; and how the board works, such as its meeting formats and its committees.
• Talk about cybersecurity in terms of risks, and outline these risks concretely and precisely, presenting them in a matter-of-fact way.
• Don’t limit your communication with board members to formal board meetings. Look for opportunities to talk to them individually or in small groups outside of these board meetings.
• Elevate the discussions so that you link cybersecurity with your organization’s business challenges, goals and context.
• Aim to provide a holistic view, and avoid using technical jargon.
• Aim to advise instead of to educate.

In the event of a security breach, a software inventory is essential to determine what was breached, and who needs to be notified.  First responders require a software inventory to perform forensic analysis and determine breach notification requirements for vendors, business partners, and regulatory bodies. Organizations that have a clear understanding of software in their environment can quickly assess a breach impact and identify affected areas. If legal proceedings are involved, an organized software inventory greatly assists in limiting data handed over to Law Enforcement and assists technical staff in depositions or testimony. 

Business Continuity and Disaster Recovery plans specify requirements for restoration of critical assets and services, but these need to be identified to establish a Recovery Time Objective (the amount of time to recover a service to an acceptable level of operation) and Recovery Point Objective (the last point of known good data.)  Developing and maintaining a software inventory is a critical first step in implementing an effective cyber security program.

A software inventory helps demonstrate compliance with regulatory controls and Service Level Agreements (SLA) for software used in the environment. From the perspective of “less is more,” a software inventory also identifies unnecessary software running in the environment, which increases the attack surface without providing a business advantage.

Security operations perform scans to identify operating system and application versions, including unsupported software and unpatched systems. This information is used to establish a secure baseline and measure drift from that baseline. A software inventory is necessary to determine if the software is authorized, appropriately licensed, supported, and has the most recent security fixes applied.
Identifying the authorized software assets is an important step to ensure critical assets are protected. The larger the organization, the more difficult the inventory process becomes. Tenable.io and Tenable.sc help organizations build a software inventory. There are several software discovery plugins that run by default in the following scan templates:

• Basic and Advanced Agent Scans
• Advanced (Network) Scan
• Basic (Network) Scan
• Credentialed Patch Audit
• Internal PCI Network Scan

Maintaining a software inventory aids in cyber hygiene and minimizes unauthorized software installation. Many organizations perform an annual audit by an external third party, where they are required to enumerate authorized software that is running in the environment. Organizations that maintain a current software inventory throughout the year can produce information required by auditors and vendors with minimal effort. 

The report and its chapters are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable.sc Feed under the category Discovery and Detection.

The report requirements are: 

• Tenable.sc 5.19.1
• Nessus 10.0.1

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable.io discovers and analyzes assets continuously to provide an accurate and unified view of an organization’s security posture.

Chapters

Executive Summary This chapter presents data for detected operating systems, browsers, unsupported software, and other software installations on systems within a network.

Installed Software Iteration This chapter displays software detected across the organizations systems. Software enumeration is utilized to detect Installed software.

Issues Gating Remediation This chapter displays known/identified roadblocks to completing remediation efforts.