I had a chat with @oej.edvina.net about The Global Vulnerability Intelligence Platform.
Olle is working to build a community around the future of vulnerability identifiers.
Don't just give it a listen, but also come help Olle. It's a pretty important problem that nobody can solve alone.
Posts by Olle E. Johansson
DNS Tapir presenting at #fosdem. Ulrika Vincent delivers the introduction with excellence! #dns dnstapir.se
Just discovered this talk
fosdem.org/2026/schedul... at #fosdem by @oej.edvina.net. This is exactly the need that asfaload aims to fill! Looking forward to having a chat!
Join us in the first GVIP summit to discuss the state of the vulnerability management systems and the path forward.
Jan 28th in Brussels, Belgium - part of the EU Open Source Week.
www.gvip-project.org
I am very proud to share that I have been awarded the IP Prize by the Swedish Network Users Society (SNUS). The motivation covers over 30 years of my work with Open Standards, Open Networks and now cyber security. From PC/TCP to Asterisk and Kamailio to the current work.
Thank you SNUS!
The EU Cyber Resilience Act requires manufacturers to have an SBOM - but what does that mean? Last Friday we had a chat about the CRA and SBOMs and it turned out it wasn't easy to figure out.
Check the video at youtu.be/W-E55x8fPyY?...
#SBOM #EUCRA #CRA #SPDX #CYCLONEDX
The OWASP Transparency Exchange API has published our first BETA release for implementors to start implementing the consumer API including the discovery.
Get all the docs including the #openapi specification here:
github.com/CycloneDX/tr...
#OWASP #TEA #SBOM #CYCLONEDX #SPDX
Zen of SBOM #2: "SBOM is not a single process to be completed. It's a lifecycle process".
What do you think? Discuss!
#SBOM #ZENSBOM #SPDX #CYCLONEDX
The global vulnerability intelligence project is making progress. We’re inviting you to our first open meeting Tuesday May 20 at 16:00 CET. DM me to get a Zoom invite or join the #CVE-wg Slack channel in OWASP Slack.
#CVE #NVD #ALLVD
A video recording of the webinar on a global vulnerability management platform is now available on YouTube. Let’s work together to build a strong multi-stakeholder platform. SBOMs need to be operational. Customers need to know if they are safe or not.
#CVE #NVD #SBOM
youtu.be/zSsGLJTgWvU?...
If you have a few minutes to spare, why don't you listen to this chat about Software Bill of Materials with me and KeyFactor's Sven Rajala?
#SBOM #CyberSecurity
www.youtube.com/watch?v=Vqn9...
That’s a question with an unknown answer.
It's getting more and more urgent to build a global system for managing vulnerabilities in software. With new regulation, more vulnerabilities will have to be published and the pressure on the system will be much higher than today. We need to share the cost.
#CyberSecurity #CVE #NVD
🌐 Approximately 75% of the software in use today contains open source code. If you manufacture, maintain, or steward open source software and are unclear how the CRA might impact you, check out the ORC Working Groups GitHub for discussions and resources.
#orcwg #opensource #cra hubs.la/Q037k2Jj0
Find us on YouTube or on Apple Podcasts to learn more about what we learned in Brussels during the EU Open Source Week and the great FOSDEM conference! All about SBOMs, CRA and much more. Anthony and Olle share their experiences and discuss the state of SBOMs.
www.youtube.com/watch?v=urDc...
The OWASP CycloneDX team will be well represented at @fosdem.bsky.social ! We'll talk in the Security dev room and the SBOM dev room. Find us if you want to chat about CycloneDX, PURL, TEA or other CycloneDX projects.
#SBOM #CYCLONEDX #TEA #PURL
@cyclonedx.bsky.social @owasp.org
Our guest this month is Jonathan Meadows, fellow at Citi and active in OpenSSF.
Join us and learn more about the path to a secure software supply chain with Software Bill of Materials as one of the core tools.
Register today!
sbomlive04.eventbrite.com
#SBOM #OPENSSF
Happy new SBOM year! We're starting the year by launching our first SBOM Academy tutorial with Anthony Harrison giving an Introduction to the Software bill of materials (SBOM).
If you have any ideas for tutorials, please do not hesitate to make a comment here!
youtu.be/az_HJJIA0a8?...
#SBOM
We wish all Happy SBOM Holidays! 2024 was the year we launched SBOM Europe and we're getting ready for even more activity during 2025. But first, a nice quiet period of relaxation, SBOM coding and joyful playing with new and old SBOM tools!
Happy holidays!
/Anthony and Olle
Had a really good meeting with the #SCITT community today. I keep using their open meetings to get input for the #OWASP Transparency Exchange API - how to add transparency logs and monitor for abuse, changes and manipulation. Software transparency is a lot about trust.
#SBOM #TEA
This Thursday afternoon (EU time) we'll host a webinar with Johanna Parikka Altenstedt where we will discuss the need for the legal team to be involved while working with making products comply with the new regulations.
Register at sbomlive03.eventbrite.com to participate!
#SBOM #EUCRA #NIS2
Watch my recent talk about the EU Cyber Resilience Act at OWASP BeneluxDays. It talks about how the CRA affects your software development, how the SBOM plays a role and how it affects your business model.
youtu.be/XMAfeQQ2ZOM?...
#CRA #SBOM #OWASP
@owasp.org
Today there are 1092 days left until all software products need to be CE marked and comply with the EU Cyber Resilience Act. It's time to get started. Learn more about this act and how it affects you in our webinar!
youtu.be/511uijZkH_U?...
#SBOM #EUCRA #CRA #CYBERSECURITY
Dec 11th is the day the CRA clock starts to tick. Three years after that, all products that include software need to be CE compliant. Join us in this webinar to discuss what it means, and how it will affect your business.
cralaunch.eventbrite.com
#SBOM #CRA #EUCRA
Lifecycle events are important in the secure supply chain for software and hardware. @owasp.org is working on a standard enumeration that will be part of the ECMA standardization. Read more on the OWASP CLE and how that fits into the Transparency Exchange API (TEA) owasp.org/blog/2024/11...
If your company creates software that manages Software Bill of Material data - SBOMs - then you want to take part in the standardisation of an ECMA standard API for exchanging software transparency artefacts. Join us on November 25th! http://teaintro.even #SPDX #SBOM #INTOTO #CYCLONEDX #OWASP
Testing with custom handle.