The other day we were talking about the CRA and SBOMs. It’s quite clear that the manufacturer needs an SBOM, but what type of SBOM do they mean? CISA has defined many types of SBOMs and it wasn’t clear to us what they referred to. Another question is if the Read more…
There is a lot of talk around the phrase “Shift security left” – but do we need to also discuss “Shift legal left?” Does the legal team join early phases of the development process to be part of risk assessments required by the new CRA legislation? The next SBOM Live! Read more…
The next SBOM Live Webinar will take place November 19th 16-17 CET. Meet Philippe Ombredanne, co-founder of many SBOM standards, inventor of the Package URL and SBOM guru. We’ll discuss SBOM generation, quality and how we can work towards a shared SBOM maturity model. Watch the recording here:
Our first live session where we discuss the world of SBOMs – why do we need them,what can you do with them and how do they fit into the coming regulations? The Software Bill of Materials is a core tool for risk management, dependency tracking, vulnerability handling and license compliance, Read more…