Just stumbled upon the #SPDX #Crypto #List Group
This list provides a shared, unambiguous vocabulary for
identifying and #referencing #cryptographic #algorithms in Software Bill of
Materials (SBOMs), SPDX documents, and related tooling.
https://lists.spdx.org/g/spdx-security/topic/introduction_of_the_spdx/114545649
Key BIS advice for banks: start your quantum-safe transition NOW. That means inventorying all your crypto (#CBOM), assigning a lead exec for quantum readiness, and realizing this isn’t a “just swap algorithms” upgrade. Migrating to #PQC will be a painstaking overhaul, more complex than any past crypto upgrade. #QuantumReadiness https://postquantum.com/industry-news/bis-quantum-roadmap-banking/
I have a small hunch why IBM has a tool that generates a #CBOM and tells you if they are #quantum safe or not...
Suffice to say that it's a reminiscent of the time that Altman traveled around the world and warned everyone that his #hallucination machine is an existential threat to humanity.
Huge congrats (and thank you) to IBM for releasing an open source plugin for SonarQube which generates Cryptography Bill of Materials (#CBOM). https://github.com/IBM/sonar-cryptography
And check out the Authoritative Guide to CBOM available at https://cyclonedx.org/guides/OWASP_CycloneDX-Authoritative-Guide-to-CBOM-en.pdf
#SBOM: #OWASP CycloneDX v1.6 Standard Released, Advances Software Supply Chain Security with Cryptographic Bill of Materials(#CBOM) and CDXA Attestations ("proof-of-compliance"):
👇
https://cyclonedx.org/news/cyclonedx-v1.6-released/
https://cyclonedx.org/news/cyclonedx-v1.6-released/
Couldn’t attend this week’s Dependency-Track community meeting? No worries, we’ve got the recording.
@nscur0 leads us through the project roadmap. We also have special guests from the @CycloneDX #cryptography working group presenting #CBOM. Don’t miss it.
OWASP CycloneDX is ready to support your CRA compliance journey! - by Olle E Johansson
#SBOM #CBOM #VDR #VEX #Ecma #tc54 #cryptography #softwaresupplychain #cra
If you missed the OWASP #CycloneDX community virtual meeting on March 6th the recording is available on YouTube. Learn about the latest DependencyTrack updates and #CBOM or Cryptography Bill of Materials in CycloneDX:
Preparing for post-quantum cryptography? First identify what #AppliedCryptography you have already have in place, says security researcher Daniel Cuthbert. Here's how new tools for generating a Cryptographic Bill of Materials (#CBOM) can help.
https://www.databreachtoday.com/preparing-for-post-quantum-learn-what-cryptography-you-have-a-23881
In a #postquantum cryptographic world you will need #Cryptography Bill of Materials or #CBOM... this information doesn't and it shouldn't be collected manually, since there are ways to generate a list out of repository GitHub. Not for all languages, but at least for #python #c and #c++.
https://github.blog/2023-12-05-addressing-post-quantum-cryptography-with-codeql/
Great article from Basil Hess and Nicklas Körtge on Cryptography Bill of Materials (CBOM), the many use cases, and how we're building this capability into #OWASP @CycloneDX v1.6.
https://owasp.org/blog/2023/10/03/CycloneDX-Cryptography-CBOM.html
#SBOM #CBOM #CSRM #SoftwareTransparency #Cryptography #nsm10 #eo14028
@ExtraPenguin Thank you 😘. Oops I realize that was a confusing post! 😂 I should have tagged our dear @ADailyViolet! She is our favourite boss bunny and a Celebrity Bun of Mastodon #CBOM ☺️. It was her birthday yesterday and we love her so! 🥳💜
(PS Skye’s Gotcha Day is Nov 2- because she’s a rescue we found outside, we don’t know her actual birthday!)
Here's the deck I presented to the DoD CIO panel last week. The overwhelming majority of the deck are capabilities that only OWASP @CycloneDX BOM Standard supports. Going beyond simple #SBOM use cases and supporting #SaaSBOM, #HBOM, #OBOM, #VDR, and #VEX today, and in two months time will also be supporting #MLBOM, #MBOM, and bill of attestations. And let's not forget about #CBOM for inventory of cryptographic assets for analysis in a post-quantum world. Thanks to the many organizations and individuals contributing to the standard, the future is incredibly bright.
https://docs.google.com/presentation/d/1ixB79pj-CRneIyW5jAEF242MyQ0JLxqd3uT8LNQw8bE/edit
