💾 Archived View for gemini.bortzmeyer.org › fosdem › event-11540.gmi captured on 2021-12-17 at 13:26:06. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

FOSDEM event "Evolving vulnerabilities in CycloneDX"

Gareth Rushgrove

Type devroom

Starts on day 2 (2021-02-07) at 17:00 (Brussels time, UTC+1) in room Composition (duration 00:15)

Matrix room #composition:fosdem.org

CycloneDX is a software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis. It's developed in the open and widely implemented in open source tooling. As well as quick introduction to CycloneDX, this talk will look in particular at the vulnerability extension.

Modelling vulnerabilities in software is surprisingly complex. In this talk we'll look at some of the current issues in the CycloneDX vulnerability extension, summarise some of the ongoing discussions in this area, and get people's input on proposals for improvements.

FOSDEM schedule page