SBOM management solutions by ShiftLeftCyber

Posts

The SBOM Storage Tax: Optimization at Scale

Following my last post on the “Storage Tax” of binary blob signing, I received some insightful feedback from the co...

2026/03/02

The SBOM Signature 'Storage Tax': Money Talks 💰📉

Over the last few weeks, I’ve been deep in the weeds of technical best practices for signing SBOMs. I’ve discussed ...

2026/02/23

🚨 Call for Feedback: A Standardized Approach to SBOM Signing

The new benchmark by which all SBOM signing and verification tools will be judged. This Frida...

2026/02/09

Implementing Data-Aware Signing

I recently argued that with SBOMs we need to stop signing the “container” (the file) and start signing the “c...

2026/02/02

Stop Signing the Container 📦, Start Signing the Content

In my current work with the OpenSSF SBOM...

2026/01/19

The Binary Blob Trap in SBOM Signing 🪤

Is the industry’s favourite SBOM signing tool actually creating a verific...

2026/01/13

© ShiftLeftCyber 2026 All Rights Reserved.