Items tagged with: sbom
Episode 364 of the #osspodcast in which Kurt had bad shwarma, @joshbressers agrees that good shwarma is great, and we learn that it's also hard to know what's in your software even if you do #SBOM https://opensourcesecurity.io/2023/02/26/episode-364-using-sboms-is-hard/
TL;DR: We got different kinds of SBOM, SBOM drift, services and APIs, and then there are some complicated problems on top of all that. Also legal obligations.
Episode 364 – Using SBOMs is hard
Josh and Kurt talk about SBOMs. Quite a bit has happened in the world of SBOMs in the last year or so. There are going to be different types of SBOMs, like build, source, or runtime. Each will tell…
Open Source Security
The new Omnibus Bill in the US Senate includes a requirement to "provide to the Secretary a software bill of materials, including commercial, open-source, and off-the-shelf software components" for medical devices.
https://www.appropriations.senate.gov/imo/media/doc/JRQ121922.PDF
If you're not already looking into ways to generate an #SBOM for your product or #OpenSource project, you need to start now, no matter the industry.
/ht Dick Brooks for the pointer