A fantastic tool to use and *translate* SBOM data formats. Very excited to see how this project evolves.

What a pleasant surprise to see my project used by Daniel Cuthbert to generate an SBOM. Please feel free to update to 10.4.1 as well as use depscan. github.com/Santandersecur…

With OpenSSF and DHS S&T, we announced Protobom, a new and innovative open source software supply chain tool which enables all orgs to read/generate #SBOMs and file data, as well as translate this data across standard industry SBOM formats. openssf.org/projects/proto…

An #opensource effort to standardize #SBOM data exchange is now governed by the @OpenSSF, and there's more to come under a Homeland Security program. #OpenSourceSummit Omkhar Arasaratnam Katie Norton techtarget.com/searchitoperat… via @techtargetnews

Why #SBOM is not the prevention yet still a vital part of remediation for #xz backdoor

... and other lessons from #xz

link.medium.com/OYsAuOzyNIb

Stacker puerco sharing knowledge on the path forward for the SBOM ecosystem

Looking forward to running the OWASP London Chapter Meetup tonight! Learn about SCA, SBOM & Software Supply Chain Security. The raffle prize will be a Meta Quest2 VR headset generously sponsored by Checkmarx

Last few seats remaining!
Register here:
👇
meetup.com/owasp-london/e…

Adolfo García Veytia (puerco), Staff Software Engineer from stacklok, delves into the emerging challenges in open source software. He discusses the new foundations of SBOM and outlines the next steps for the SBOM ecosystem.
#SOSScommunity

It's certainly been our observation that SBOMs have been a big topic in the industry even before the XZ Utils backdoor discovery. As for us, we've been developing, with the support of NLNet, in a tool to generate SBOMs from Nix packages: Genealogos github.com/tweag/genealog… .

EUサイバーレジリエンス法！
めちゃ大変そう。5年以上のメンテやSBOM管理！
#ALGYAN

simenhegstadkrueger most of all, if you need to provide a SBOM, the lesser deps you rely on the better

After 2.5 months pleasantly at home, back on the road again. Heading to Seattle for the North American Open Source Summit. If you’re around, and want to talk SW supply chain or #SBOM , let me know. And come see my talk rolling out our new work on EOL/EOS software-Wed at 1pm.

If you'll be at #RSAC2024 , you must join us for 'So, you created an SBOM. Now what?' bit.ly/3vFL9DX
#SBOM #RSAC2024 share.sonatype.social/cnhse

Why you need an SBOM (Software Bill Of Materials): SBOMs are security analysis artifacts becoming required by more companies due to internal policies and government regulation. If you sell or buy software, you should know the what, why, and how of the… securityboulevard.com/2024/04/why-yo…

We are thrilled to announce the release of SPDX 3.0, introducing a comprehensive set of updates, encompassing the model, specification, and license list, with the new addition of SPDX profiles to handle modern system use cases.

Read the announcement:
hubs.la/Q02s_TLM0

Live from DevoxxFR : learning about #software #supplychainsecurity by Abdellfetah SGHIOUAR ([email protected]) .
For JobRunr, we're looking into applying #slsa and providing an #sbom . 🔐

New Tool Aims to Simplify and Streamline SBOM Adoption dlvr.it/T5bjK9 #ProtectTheClick

Register today! #SBOM #DevOps #DevSecOps #CYbersecurity #Opensource bit.ly/4aYCKKy

The latest update for #GitGuardian includes 'Why you need an #SBOM (Software Bill Of Materials)' and 'Managing Secrets Security at any Scale: introducing the GitGuardian #SecretsManagement Needs Quiz'.

#cybersecurity #DevOps #infosec #appsec opsmtrs.com/3XY1xZb

SBOM管理が進む
↓
株式市場や会計団体が「依存しているソフトウェアに対する貢献（コードを利用する、コードを書く）」を「エシカリティ」として計上、株式の格付けに使われる

現在の人的資本開示や、GHGプロトコルと同じような流れで、ソフトウェア資産は人類の資産であるとする流れあるかなー