As the supply chain for software continues to grow in complexity and as attacks on those components grow 📈, #SBOMs will provide the groundwork to manage how those assets get protected at scale, says Michael Isbitski of Sysdig in our latest guest blog: https://openssf.org/blog/2023/07/21/manage-how-you-protect-your-assets-at-scale-with-sboms/
🚀 Enrich all of your #SBOMs with Parlay, a new #OpenSource tool from Snyk!
Learn how to use Parlay to make policy-based decisions around package license information and so much more.
Where are we with generating, understanding, managing, & converting #SBOMs, and where may the community go in the future? Ivana Atanasova of @VMware takes a look from the SBOM Devroom, hosted at FOSDEM 2023 in Brussels https://openssf.org/blog/2023/05/24/exploring-the-latest-advances-in-sboms-from-the-devroom/
Assessing Product Risk Using SBOMs and OpenSSF Scorecard - guest blog by Daniel Nebenzahl, CTO of Scribe Security on the potential for utilizing #SBOMs with OpenSSF #Scorecard data to evaluate product-level security risks https://openssf.org/blog/2023/04/14/assessing-product-risk-using-sboms-and-openssf-scorecard/
Software Bill of Materials #SBOMs have been with us for the last 10+ years, so do they matter more today than when we started generating them?
Vincent Danen of Red Hat and Tracy Ragan of DeployHub explore in their recent blog - SBOMs so far, so good, so what?
How to make high-quality #SBOMs by John Speed Meyers of Chainguard https://openssf.org/blog/2023/03/02/how-to-make-high-quality-sboms/
Are you interested in addressing open source software #OSS security risk? Software Bill of Materials #SBOMs? Diversity, Equity, and Inclusion #DEI in OSS security? + more. You are invited to the next virtual OpenSSF Town Hall on March 16th at 10 AM. Everyone is welcome. Register at: https://zoom.us/webinar/register/3016764098494/WN_2rz5
A nice little article from Steve Poole
explaining the importance of #SBOMs for #OpenSource and #SoftwareDevelopment
https://foojay.io/today/sboms-first-steps-in-a-new-journey-for-developers/
#sboms #opensource #softwaredevelopment
It was interesting to see quite a few different slides quoting statistics from Sonatype's State of the Software Supply Chain Report at @openuk
Looks like it's made an impact on quite a few people, and that's understandable because the research team are amazing.
https://www.infosecurity-magazine.com/news/soocon23-open-source-automate-sboms/
#sboms #supplychain #cybersecurity