Posts

๐Ÿ” What Makes Signing SBOMs Hard in Practice?
๐Ÿ” What Makes Signing SBOMs Hard in Practice?

Everyone agrees SBOMs should be signed. But actually doing it? Thatโ€™s where things get messy. Letโ€™s t...

Your SBOM Can Be Hacked ๐Ÿ“ฆ๐Ÿ’€
Your SBOM Can Be Hacked ๐Ÿ“ฆ๐Ÿ’€

Yes, even the one you just generated. An SBOM (Software Bill of Materials) is supposed to bring transparency and trust t...

Why SBOMs Are Not One-and-Done ๐Ÿ“ฆ๐Ÿ”„
Why SBOMs Are Not One-and-Done ๐Ÿ“ฆ๐Ÿ”„

โœ… Youโ€™ve generated an SBOM. Congratulations! But hereโ€™s the truth. An SBOM is not a report you create once a...

๐—ช๐—ต๐—ผ ๐—ฎ๐—ฐ๐˜๐˜‚๐—ฎ๐—น๐—น๐˜† ๐—ฏ๐˜‚๐—ถ๐—น๐—ฑ๐˜€ ๐—ฆ๐—•๐—ข๐— ๐˜€? ๐—”๐—ป๐—ฑ ๐˜„๐—ต๐—ผ ๐—ป๐—ฒ๐—ฒ๐—ฑ๐˜€ ๐˜๐—ต๐—ฒ๐—บ? ๐Ÿค”๐Ÿ”
๐—ช๐—ต๐—ผ ๐—ฎ๐—ฐ๐˜๐˜‚๐—ฎ๐—น๐—น๐˜† ๐—ฏ๐˜‚๐—ถ๐—น๐—ฑ๐˜€ ๐—ฆ๐—•๐—ข๐— ๐˜€? ๐—”๐—ป๐—ฑ ๐˜„๐—ต๐—ผ ๐—ป๐—ฒ๐—ฒ๐—ฑ๐˜€ ๐˜๐—ต๐—ฒ๐—บ? ๐Ÿค”๐Ÿ”

SBOMs are a critical tool for understanding your software supply chain. But not everyone touches an SBOM the same way. T...

What's Inside an SBOM? ๐Ÿง 
What's Inside an SBOM? ๐Ÿง 

(Image sourced from OWASP CycloneDX SBOM/xBOM Standard) - https://cyclo...

Not all BOMs are created equal ๐Ÿ‘€
Not all BOMs are created equal ๐Ÿ‘€

In the physical world, a Bill of Materials (BOM) is straightforward: ๐Ÿ”ฉ You list the parts ๐Ÿญ You know the ...