Olle E. Johansson
@oej.edvina.net
Consultant, developer, evangelist, gardener. Co-founder of SBOMEurope.eu. Team lead of OWASP Transparency Exchange API (Projekt Koala). Member of CycloneDX industry working group, OWASP SBOM Forum. IETF and much more.
The OWASP Transparency Exchange API has published our first BETA release for implementors to start implementing the consumer API including the discovery.

Get all the docs including the #openapi specification here:

github.com/CycloneDX/tr...

#OWASP #TEA #SBOM #CYCLONEDX #SPDX
Release 0.1.0-beta.1 · CycloneDX/transparency-exchange-api
Tagging beta 1 again with correct version in OpenAPI spec
github.com
Reposted by Olle E. Johansson
Zen of SBOM #2: "SBOM is not a single process to be completed. It's a lifecycle process".

What do you think? Discuss!

#SBOM #ZENSBOM #SPDX #CYCLONEDX
The global vulnerability intelligence project is making progress. We’re inviting you to our first open meeting Tuesday May 20 at 16:00 CET. DM me to get a Zoom invite or join the #CVE-wg Slack channel in OWASP Slack.

#CVE #NVD #ALLVD
A video recording of the webinar on a global vulnerability management platform is now available on YouTube. Let’s work together to build a strong multi-stakeholder platform. SBOMs need to be operational. Customers need to know if they are safe or not.

#CVE #NVD #SBOM

youtu.be/zSsGLJTgWvU?...
CRA Mondays | Olle E. Johansson - The path to a global vulnerability management platform
YouTube video by Eclipse Foundation
youtu.be
If you have a few minutes to spare, why don't you listen to this chat about Software Bill of Materials with me and KeyFactor's Sven Rajala?

#SBOM #CyberSecurity

www.youtube.com/watch?v=Vqn9...
The Rise of Software Bill of Materials (SBOMs) – A Growing Necessity
YouTube video by Keyfactor Community
www.youtube.com
That’s a question with an unknown answer.
It's getting more and more urgent to build a global system for managing vulnerabilities in software. With new regulation, more vulnerabilities will have to be published and the pressure on the system will be much higher than today. We need to share the cost.

#CyberSecurity #CVE #NVD
Reposted by Olle E. Johansson
🌐 Approximately 75% of the software in use today contains open source code. If you manufacture, maintain, or steward open source software and are unclear how the CRA might impact you, check out the ORC Working Groups GitHub for discussions and resources.
#orcwg #opensource #cra hubs.la/Q037k2Jj0
Reposted by Olle E. Johansson
Find us on YouTube or on Apple Podcasts to learn more about what we learned in Brussels during the EU Open Source Week and the great FOSDEM conference! All about SBOMs, CRA and much more. Anthony and Olle share their experiences and discuss the state of SBOMs.

www.youtube.com/watch?v=urDc...
SBOM Update February 2025: EU Open Source Week and FOSDEM
YouTube video by SBOM Europe
www.youtube.com
The OWASP CycloneDX team will be well represented at @fosdem.bsky.social! We'll talk in the Security dev room and the SBOM dev room. Find us if you want to chat about CycloneDX, PURL, TEA or other CycloneDX projects.

#SBOM #CYCLONEDX #TEA #PURL

@cyclonedx.bsky.social @owasp.org
Reposted by Olle E. Johansson
Nice guide to navigate through all the events of the EU Open Source week.
Home - EU Open Source Week
opensourceweek.eu
Reposted by Olle E. Johansson
Our guest this month is Jonathan Meadows, fellow at Citi and active in OpenSSF.
Join us and learn more about the path to a secure software supply chain with Software Bill of Materials as one of the core tools.

Register today!
sbomlive04.eventbrite.com

#SBOM #OPENSSF
Reposted by Olle E. Johansson
Happy new SBOM year! We're starting the year by launching our first SBOM Academy tutorial with Anthony Harrison giving an Introduction to the Software bill of materials (SBOM).

If you have any ideas for tutorials, please do not hesitate to make a comment here!

youtu.be/az_HJJIA0a8?...

#SBOM
SBOM Academy: Introduction to the Software Bill of Materials (SBOM)
YouTube video by SBOM Europe
youtu.be
Reposted by Olle E. Johansson
We wish all Happy SBOM Holidays! 2024 was the year we launched SBOM Europe and we're getting ready for even more activity during 2025. But first, a nice quiet period of relaxation, SBOM coding and joyful playing with new and old SBOM tools!

Happy holidays!
/Anthony and Olle
Had a really good meeting with the #SCITT community today. I keep using their open meetings to get input for the #OWASP Transparency Exchange API - how to add transparency logs and monitor for abuse, changes and manipulation. Software transparency is a lot about trust.

#SBOM #TEA
Reposted by Olle E. Johansson
This Thursday afternoon (EU time) we'll host a webinar with Johanna Parikka Altenstedt where we will discuss the need for the legal team to be involved while working with making products comply with the new regulations.

Register at sbomlive03.eventbrite.com to participate!

#SBOM #EUCRA #NIS2
Watch my recent talk about the EU Cyber Resilience Act at OWASP BeneluxDays. It talks about how the CRA affects your software development, how the SBOM plays a role and how it affects your business model.

youtu.be/XMAfeQQ2ZOM?...

#CRA #SBOM #OWASP

@owasp.org
How The EU Cyber Resilience Act Will Change The Software Industry Forever - Olle E. Johansson
YouTube video by OWASP Netherlands
youtu.be
Reposted by Olle E. Johansson
Today there are 1092 days left until all software products need to be CE marked and comply with the EU Cyber Resilience Act. It's time to get started. Learn more about this act and how it affects you in our webinar!

youtu.be/511uijZkH_U?...

#SBOM #EUCRA #CRA #CYBERSECURITY
SBOM update: The day the CRA clock starts to tick
YouTube video by SBOM Europe
youtu.be
Dec 11th is the day the CRA clock starts to tick. Three years after that, all products that include software need to be CE compliant. Join us in this webinar to discuss what it means, and how it will affect your business.

cralaunch.eventbrite.com

#SBOM #CRA #EUCRA
Lifecycle events are important in the secure supply chain for software and hardware. @owasp.org is working on a standard enumeration that will be part of the ECMA standardization. Read more on the OWASP CLE and how that fits into the Transparency Exchange API (TEA): owasp.org/blog/2024/11...
Reposted by Olle E. Johansson
If your company creates software that manages Software Bill of Materials data - SBOMs - then you want to take part in the standardisation of an ECMA standard API for exchanging software transparency artefacts. Join us on November 25th! http://teaintro.even... #SPDX #SBOM #INTOTO #CYCLONEDX #OWASP
Testing with custom handle.