#HBOM

Anant Shrivastava aka anantshri anant@anantshri.info
2025-04-04

Just a few days back we were discussing that HBOM is tricky coz once we try to read in we are going to tamper warranties, and today @bunnie.org released https://bunnie.org/iris hoping this changes the landscape.
#hbom #trustbutverify

Angieang6666
2024-10-18

Let's Go Sharks!!

2023-09-21

@allanfriedman are there standards like SPDX or CycloneDX for #HBOM?

One very big new problem in HBOMs I see is the added complexity by product batches that can be bad. Also lots of proprietary tracking.

Dewey Ritten :donor: deweyritten@infosec.exchange
2023-09-10
2023-04-14

Check out this presentation from Tony Turner where he describes BOM Based Threat Modeling.

The possibilities of this approach are quite powerful. Go beyond simple SBOMs and leverage the capabilities of CycloneDX.

#SBOM #SaaSBOM #HBOM #OBOM #OWASP

youtube.com/watch?v=4SjA1uEqH0

Steve Springett :verified: stevespringett@infosec.exchange
2023-03-29

Here's the deck I presented to the DoD CIO panel last week. The overwhelming majority of the deck are capabilities that only OWASP @CycloneDX BOM Standard supports. Going beyond simple #SBOM use cases and supporting #SaaSBOM, #HBOM, #OBOM, #VDR, and #VEX today, and in two months' time will also be supporting #MLBOM, #MBOM, and bill of attestations. And let's not forget about #CBOM for inventory of cryptographic assets for analysis in a post-quantum world. Thanks to the many organizations and individuals contributing to the standard, the future is incredibly bright.

docs.google.com/presentation/d
