The Authoritative Guide to AI/ML-BOM from CycloneDX just dropped. Full transparency into your AI supply chain: security, compliance, data lineage, reproducibility. AI regulations are here. Be ready.
#AI #AIBOM #SBOM #OWASP #CycloneDX
cyclonedx.org/guides/
Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!
#SBOM #CYCLONEDX #SPDX #POTATOSECURITY #CRA #EUCRA
Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!
#SBOM #CYCLONEDX #SPDX #CYBERSECURITY #CRA #EUCRA
The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.
fosdem.org/2026/schedule/event/RFFD...
#SBOM #SPDX #CYCLONEDX #OWASP #CYBERSECURITY #PKILOVE #pki
At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!
https://orcwg.org/participate/
#SBOM #CYCLONEDX #SPDX #PURL
Going to #FOSDEM? Please join us to celebrate our recent success stories in ECMA TC54! #CycloneDX 1.7, Package URL (#PURL) 1.0 and the Common Lifecycle Enumeration 1.0 (#CLE). We are working to improve all of these and complete the Transparency Exchange API […]
[Original post on infosec.exchange]
The EU Cyber Resilience Act requires manufacturers to have an SBOM - but what does that mean? Last Friday we had a chat about the CRA and SBOMs and it turned out it wasn't easy to figure out.
Check the video at youtu.be/W-E55x8fPyY?...
#SBOM #EUCRA #CRA #SPDX #CYCLONEDX
PEP 770 was accepted in April of this year, what has happened since then?
sethmlarson.dev/pep-770-sbom...
#Python #SBOM #CycloneDX #SPDX #auditwheel #cibuildwheel
Heading to #PQC2025?
Join IBM, The Linux Foundation, and SCANOSS for the CBOM Hands-On Workshop
28 Oct, 9 AM, Room 1.
#CBOM #CycloneDX #CryptoAgility #OpenSource #SCANOSS
IBM donated its CBOM tooling to the Linux Foundation. Hopefully this will enable CBOMs more widely.
research.ibm.com/blog/cryptog...
#cryptoagility #cbom #cyclonedx #cryptography
Zen of SBOM #4: "Completeness improves the usefulness of the SBOM"
#SBOM #CYCLONEDX #SPDX
Zen of SBOM #3: "DEPENDENCIES are like relationships. You can't choose them, but they're important."
What do you think? Discuss!
#SBOM #ZENSBOM #SPDX #CYCLONEDX
The OWASP Transparency Exchange API has published our first BETA release for implementors to start implementing the consumer API including the discovery.
Get all the docs including the #openapi specification here:
github.com/CycloneDX/tr...
#OWASP #TEA #SBOM #CYCLONEDX #SPDX
Zen of SBOM #2: "SBOM is not a single process to be completed. It's a lifecycle process".
What do you think? Discuss!
#SBOM #ZENSBOM #SPDX #CYCLONEDX
Here's why your organization should consider using SaaSBOMs (think #SBOM, but for #SaaS), key challenges — & how to put the #CycloneDX xBOM standard into action: www.reversinglabs.com/blog/5-reaso...
Join us for a few postings named "The ZEN of SBOM". The first one is "SBOM is not the answer to all software problems, but it sure helps"
What do you think? Let's discuss!
#SBOM #CYCLONEDX #SPDX #SOFTWARETRANSPARENCY
@owasp.org's #CycloneDX 1.6 calls for the ML-BOM, SaaSBOM, & CBOM - making them non-negotiable visibility requirements that go beyond the #SBOM: www.reversinglabs.com/blog/xbom-to...
Join us on Wed May 28, 2025 in Barcelona for a hands-on hackathon to test Beta 1 of the Transparency Exchange API (TEA) — a new way to securely exchange SBOMs, attestations & more.
Free registration, thanks to @owasp.org and Ecma International.
cyclonedx.org/events/hacka...
#CycloneDX #SBOM
We're honored that @defectdojo.bsky.social has chosen Dependency-Track as one of the top #opensource tools in the #SCA category this year.
Here's the press release with all the other great tools on the list.
www.businesswire.com/news/home/20...
#SBOM #CycloneDX #OWASP
There are not many examples of code that build CBOMs (#cryptography bills of material) based on the #CycloneDx python library. Or in general there are not many tools that generate CBOMs out there. Nice work from the UK Santander research team. Really helpful. repo: github.com/Santandersec...
Works with Vulnetix
#Secrets scanners
#SAST
Linters
#Code test coverage
#IaC
#Containers
Compilers
#DAST
#AttackSurface
+ Anything else that exports #CycloneDX, #SPDX, or #SARIF
Vendor Support for CycloneDX here: cyclonedx.org/about/suppor...
Or SPDX here: spdx.dev/use/spdx-too...
Let's chat
🚀 Exciting news: Socket is now part of TC54! We're joining forces to help shape the future of SBOMs, CycloneDX, and PURL, making software supply chains more secure & transparent.
socket.dev/blog/socket-...
#SBOM #CycloneDX #PURL #cybersecurity
Just finished writing a blog post about Creating SBOM with sbom-tool and CycloneDX on Azure DevOps.
#Azure #AzurePipelines #SBOM #sbomtool #CycloneDX dev.to/atahanceylan...
The OWASP CycloneDX team will be well represented at @fosdem.bsky.social ! We'll talk in the Security dev room and the SBOM dev room. Find us if you want to chat about CycloneDX, PURL, TEA or other CycloneDX projects.
#SBOM #CYCLONEDX #TEA #PURL
@cyclonedx.bsky.social @owasp.org
Anthony and Olle will be at FOSDEM as part of the @cyclonedx.bsky.social team. We're talking in the SBOM devroom and in the main track (house K).
Let's meet and chat about SBOMs!
#SBOM #CYCLONEDX
OWASP CycloneDX are coming to FOSDEM! We'll speak in many dev rooms and in the main track. Let's meet!
#OWASP #CYCLONEDX #SBOM
If your company creates software that manages Software Bill of Materials data - SBOMs - then you want to take part in the standardisation of an ECMA standard API for exchanging software transparency artefacts. Join us on November 25th! http://teaintro.even #SPDX #SBOM #INTOTO #CYCLONEDX #OWASP
CycloneDX v1.6 advances software supply chain security with cryptographic bill of materials, CycloneDX Attestations, and assessing the environmental impact of AI. #CycloneDX #OWASP #SBOM jpmellojr.blogspot.com/2024/04/owas...
One of the new features of #CycloneDX v1.6 is Attestations, enabling organizations to communicate and assert veracity of standards, claims, and evidence in support of requirements.
Read about all the new features here: cyclonedx.org/news/c...
#CycloneDX v1.6 has been released! Among the new features is support for Cryptographic Bill of Materials (CBOMs), allowing inventory of cryptographic algorithms in use, informing future migration to post-quantum algorithms. Read all the details here: cyclonedx.org/news/c...