Just a few days back we were discussing that HBOM is tricky because once we try to read it in we are going to tamper with warranties, and today @bunnie.org released https://bunnie.org/iris; hoping this changes the landscape.
#hbom #trustbutverify
Let's Go Sharks!!
@allanfriedman are there standards like SPDX or CycloneDX for #HBOM?
One very big new problem in HBOMs I see is the added complexity from product batches that can be bad. Also lots of proprietary tracking.
Raise your hand if you've heard of the AI-BOM yet.
--------------------------
Pardon my hashtags...
#AIBOM #AI #ML #MLBOM #NLP #NLPBOM #SSCS #supplychain #supplychainsecurity #SoftwareSupplyChainSecurity #softwaredevelopment #devops #devsecops #securesoftware #sbom #hbom #dbom #BOM #alltheBOMs
Here's the deck I presented to the DoD CIO panel last week. The overwhelming majority of the deck is capabilities that only the OWASP @CycloneDX BOM Standard supports. Going beyond simple #SBOM use cases and supporting #SaaSBOM, #HBOM, #OBOM, #VDR, and #VEX today, and in two months' time it will also be supporting #MLBOM, #MBOM, and bill of attestations. And let's not forget about #CBOM for inventory of cryptographic assets for analysis in a post-quantum world. Thanks to the many organizations and individuals contributing to the standard, the future is incredibly bright.
https://docs.google.com/presentation/d/1ixB79pj-CRneIyW5jAEF242MyQ0JLxqd3uT8LNQw8bE/edit