
FOSDEM event "Evolving vulnerabilities in CycloneDX"

Gareth Rushgrove

Type devroom

Starts on day 2 (2021-02-07) at 17:00 (Brussels time, UTC+1) in room Composition (duration 00:15)

Matrix room #composition:fosdem.org

CycloneDX is a software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis. It's developed in the open and widely implemented in open source tooling. As well as a quick introduction to CycloneDX, this talk will look in particular at the vulnerability extension.

Modelling vulnerabilities in software is surprisingly complex. In this talk we'll look at some of the current issues in the CycloneDX vulnerability extension, summarise some of the ongoing discussions in this area, and get people's input on proposals for improvements.
