Just a few days back we were discussing hbom is tricky coz once we try to read in we are going to tamper warantties and today @bunnie.org Released https://bunnie.org/iris hoping this changes the landscape
#hbom #trustbutverify

Let's Go Sharks!!

#hbom #sjsharks #blackhawks

@allanfriedman are there standards like SPDX or CycloneDx for #HBOM ?

One very big new problem in HBOMs i see are the added complexity by product batches that can be bad. Also lots of proprietary tracking.

Raise your hand if you've heard of the AI-BOM yet.

----------------‐---------
Pardon my hashtags...
#AIBOM #AI #ML #MLBOM #NLP #NLPBOM #SSCS #supplychain #supplychainsecurity #SoftwareSupplyChainSecurity #softwaredevelopment #devops #devsecops #securesoftware #sbom #hbom #dbom #BOM #alltheBOMs

Check out this presentation from Tony Turner where he describes BOM Based Threat Modeling.

The possibilities of this approach are quite powerful. Go beyond simple SBOMs and leverage the capabilities of CycloneDX.

#SBOM #SaaSBOM #HBOM #OBOM #OWASP

https://www.youtube.com/watch?v=4SjA1uEqH0s

Here's the deck I presented to the DoD CIO panel last week. The overwhelming majority of the deck are capabilities that only OWASP @CycloneDX BOM Standard supports. Going beyond simple #SBOM use cases and supporting #SaaSBOM, #HBOM, #OBOM, #VDR, and #VEX today, and in two months time will also be supporting #MLBOM, #MBOM, and bill of attestations. And let's not forget about #CBOM for inventory of cryptographic assets for analysis in a post-quantum world. Thanks to the many organizations and individuals contributing to the standard, the future is incredibly bright.

https://docs.google.com/presentation/d/1ixB79pj-CRneIyW5jAEF242MyQ0JLxqd3uT8LNQw8bE/edit