Should the government mandate the use of SBOM standards (CycloneDX & SPDX)?

Forum Standaardisatie is investigating this and is looking for experts from the public and private sectors to contribute their thinking. Your knowledge of software security helps us with the assessment for the 'Pas toe of leg uit' (comply or explain) list.

📆 25 June 2026, 10:00-14:00 (central Netherlands)
Lunch is included.

📧 Interested? Email us: [email protected]

More info: https://www.forumstandaardisatie.nl/nieuws/oproep-voor-expertsessie-toetsing-sbom-standaarden-cyclonedx-en-spdx

#SBOM #CycloneDX #SPDX #OpenStandaarden #Overheid

Many Java teams don't know which libraries are actually running in production, until the next #Log4Shell shows up. #SBOMs create transparency about dependencies & risks.

Sven Ruppert shows how it's done in practice:
https://javapro.io/de/sbom-fuer-java-entwickler-was-bringt-mir-das-im-alltag-wirklich-teil-1/
https://javapro.io/de/sbom-fuer-java-entwickler-was-bringt-mir-das-im-alltag-wirklich-teil-2/

#Maven #Gradle #CycloneDX

Quarkus can now give you a useful SBOM from the build itself, not just a Maven dependency tree with nicer stationery.

I wrote up the practical path: add `quarkus-cyclonedx`, build a tiny service, inspect the distribution SBOM, generate the dependency SBOM, validate both with the CycloneDX CLI, and archive them in CI.

Boring evidence is still evidence. I like that part.

https://www.the-main-thread.com/p/quarkus-sbom-cyclonedx

#Quarkus #Java #SBOM #CycloneDX

Good news for the digital resilience of the government: @forumstandaardisatie will resume the intake of #SBOM standards (#CycloneDX and #SPDX).

An SBOM is like an ingredients list for software: essential for insight into the supply chain and for security management.

Why now?
The uncertainty about European regulation has been removed:
👉 The NEN draft standards align with current practice.
👉 CycloneDX and SPDX are recognised.
👉 No conflicts with EU standards.

Read more: https://www.forumstandaardisatie.nl/nieuws/toetsingsprocedure-sbom-wordt-hervat

The Authoritative Guide to AI/ML-BOM from CycloneDX just dropped. Full transparency into your AI supply chain: security, compliance, data lineage, reproducibility. AI regulations are here. Be ready.

#AI #AIBOM #SBOM #OWASP #CycloneDX

https://cyclonedx.org/guides/


Proudly introducing our speaker Dr Allan Friedman! Allan will speak at the SBOM Focus conference on Friday, April 10th. Registration is now open at https://nsss.se

#SBOM #CYCLONEDX #SPDX #CYBERSECURITY #CRA #EUCRA

Our sister conference, SBOM FOCUS, is looking for speakers and sponsors. Registration will open soon!

#SBOM #CYCLONEDX #SPDX #CRA

Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!

#SBOM #CYCLONEDX #SPDX #CYBERSECURITY #CRA #EUCRA

The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.

https://fosdem.org/2026/schedule/event/RFFD3M-sign-your-artefacts/

#SBOM #SPDX #CYCLONEDX #OWASP #CYBERSECURITY #PKILOVE #pki

At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!

https://orcwg.org/participate/

#SBOM #CYCLONEDX #SPDX #PURL
