Last month, the SBOMit community explored how attestations can enhance #SBOMs to secure the software supply chain. Learn why SBOMs alone aren’t enough and how attestations help ensure integrity! Read the recap:
https://openssf.org/blog/2025/03/25/beyond-the-software-bill-of-materials-sbom-ensuring-integrity-with-attestations-event-recap/
#SoftwareSecurity

TODAY Join us live to talk verifiable trust in #software components. Learn to build on #SBOMs w/ CycloneDX attestation plus how to create cryptographically verifiable evidence of #security practices, #automate manual audit workflows & more. https://get.anchore.com/cyclonedxandsboms/

New Webinar The need for verifiable trust in #software components is critical. Learn to build on #SBOMs w/ CycloneDX attestation plus how to create cryptographically verifiable evidence of #security practices, #automate manual audit workflows & more. https://get.anchore.com/cyclonedxandsboms/

#SBOMs are buzzy for sure but why? Join us tomorrow on our series "Understanding SBOMs" - we are demo'ing:
1. How to automate SBOM generation
2. How to integrate SBOMs into #CICD
3. How to control costs
Register today https://get.anchore.com/automate-generate-manage-sboms/

TOMORROW Join our live #webinar with Kate Stewart with crucial insights into #SBOMs and their evolving role in modern #software #development. Learn about #SPDX and so much more. Save your seat https://get.anchore.com/deep-dive-with-kate-stewart/

From BSides Bristol 2024: Navigating The #SBOM Landscape: Formats, Relevance, And Tooling In 2024.

All about #SBOMs, why they matter, their role in cybersecurity. SPDX, CycloneDX, and the tools shaping software transparency.

Great crowd, hope to be back again next year.

https://www.youtube.com/watch?v=XcNepd1A7Ek

#Sigstore creator, #Chainguard CEO, #OpenSSF TAC member and Season 1 guest Dan Lorenc returns to the #ITOps Query podcast to discuss the year in #opensource and #cybersecurity. Topics range from #softwaresupplychain management, hardening #containerimages and #SBOMs in limbo to #openproduct companies and business models, including his own company's shift in focus this year. Plus: a look ahead to #SecOps and #AI in 2025. #yearinreview #2024yearinreview

https://www.podbean.com/ew/pb-ivy26-1778bf6

Was sind SBOMs?

Ein neuer Beitrag auf meinem Blog. Grundlagen zum Thema SBOMs.

https://blog.security-manufaktur.de/sbom/bom/cyclonedx/spdx/opensource/oss/2024/12/17/sbom-grundlagen.html

Bloggingsaturday?

"Das Spiel mit dem Open Source Feuer"?

https://blog.security-manufaktur.de/sbom/cyclonedx/spdx/opensource/oss/kehl/2024/12/07/sbom-security-insider.html

Mich störte die Formulierung massiv, also schrieb ich einen Blog Eintrag dazu.

Are you using #SBOMs as a customer, as a manufacturer or in your Open Source project? Then you're invited to our public webinar on the #OWASP Transparency Exchange API - A standard #API under development to exchange SBOMs and more automatically. Join us Nov 25 at 17:00 CET. Register for free!

Listen to our VP of Security, Josh Bressers on the Floss Weekly podcast. Josh talks with hosts Jonathan Bennett and Dan Lynch about #SBOMs #CVEs #opensource and so much more! Listen now
https://hackaday.com/2024/10/30/floss-weekly-episode-807-bitten-by-the-penguin/

OpenSSF unveils SBOMit - a tool designed to bolster Software Bills of Materials (#SBOMs) with #InToto #attestations.

This development increases transparency & security in the software development process.

To learn more, read #InfoQ: https://bit.ly/48Q2zf1

Improving open source security: SBOMs or merging security and software culture?

Explore with @randall Degges, Head of Developer Relations at Snyk.

#softwaresecurity #SBOMs

Listen on Apple Podcasts:https://podcasts.apple.com/us/podcast/understanding-the-importance-of-security-in/id1658813805?i=1000633224690 Spotify: https://open.spotify.com/episode/3fxwLjX0ogXLpv41Mb73PP