Just stumbled upon the #SPDX #Crypto #List Group

This list provides a shared, unambiguous vocabulary for
identifying and #referencing #cryptographic #algorithms in Software Bill of
Materials (SBOMs), SPDX documents, and related tooling.

https://lists.spdx.org/g/spdx-security/topic/introduction_of_the_spdx/114545649

#cbom #sbom

Key BIS advice for banks: start your quantum-safe transition NOW. That means inventorying all your crypto (#CBOM), assigning a lead exec for quantum readiness, and realizing this isn’t a “just swap algorithms” upgrade. Migrating to #PQC will be a painstaking overhaul, more complex than any past crypto upgrade. #QuantumReadiness https://postquantum.com/industry-news/bis-quantum-roadmap-banking/
Quantum-Readiness Roadmap: BIS Calls Finance to Prepare for the Post-Quantum Era

On July 7, 2025 the Bank for International Settlements (BIS) – often called the “central bank of central banks” – published a major paper titled “Quantum-readiness for the financial system: a roadmap.” This BIS Paper No. 158, authored by experts from BIS’s Innovation Hub and several central banks, provides a comprehensive framework to help the global financial sector transition to quantum-safe cryptography. The BIS (an international institution that “fosters international monetary and financial cooperation” among central banks) rarely sounds the alarm on technology issues so explicitly. Their decision to issue a quantum-readiness roadmap is a clear signal that the threat

I have a small hunch why IBM has a tool that generates a #CBOM and tells you if they are #quantum safe or not...

Suffice to say that it's reminiscent of the time that Altman traveled around the world and warned everyone that his #hallucination machine is an existential threat to humanity.

#pqc

Huge congrats (and thank you) to IBM for releasing an open source plugin for SonarQube which generates Cryptography Bill of Materials (#CBOM). https://github.com/IBM/sonar-cryptography

And check out the Authoritative Guide to CBOM available at https://cyclonedx.org/guides/OWASP_CycloneDX-Authoritative-Guide-to-CBOM-en.pdf

#OWASP #SBOM #cryptography

GitHub - IBM/sonar-cryptography: This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.

#SBOM: #OWASP CycloneDX v1.6 Standard Released, Advances Software Supply Chain Security with Cryptographic Bill of Materials (#CBOM) and CDXA Attestations ("proof-of-compliance"):
👇

https://cyclonedx.org/news/cyclonedx-v1.6-released/

CycloneDX v1.6 Released, Advances Software Supply Chain Security with Cryptographic Bill of Materials and Attestations

Couldn’t attend this week’s Dependency-Track community meeting? No worries, we’ve got the recording.

@nscur0 leads us through the project roadmap. We also have special guests from the @CycloneDX #cryptography working group presenting #CBOM. Don’t miss it.

https://www.youtube.com/watch?v=0WPvVCRyLjw

Dependency-Track Community Meeting (2024-03-06)

OWASP CycloneDX is ready to support your CRA compliance journey! | OWASP Foundation

If you missed the OWASP #CycloneDX community virtual meeting on March 6th the recording is available on YouTube. Learn about the latest DependencyTrack updates and #CBOM or Cryptography Bill of Materials in CycloneDX:

https://www.youtube.com/watch?v=0WPvVCRyLjw

@jerry well let's see...I have a first-gen Trezor and some dogecoin. #CBOM

Preparing for post-quantum cryptography? First identify what #AppliedCryptography you already have in place, says security researcher Daniel Cuthbert. Here's how new tools for generating a Cryptographic Bill of Materials (#CBOM) can help.
https://www.databreachtoday.com/preparing-for-post-quantum-learn-what-cryptography-you-have-a-23881
Preparing for Post-Quantum? Learn What Cryptography You Have

To help organizations refine their use of cryptography and safer software and to smooth their adoption of quantum-resistant cryptography, a team of researchers has