Jamie Clark#OASIS has launched an open software supply chain info modeling (#OSIM) TC , which aims to standardize and promote open #informationmodels for software provenance and #supplychain #security. How do #SBOM, VEX, CSAF, #CycloneDX, and all that fit together? Come see. Checkmarx, Cisco, Cyware, Google, IBM, LegitSecurity, Microsoft, Root, SAP, CISA, and US NSA are already in.
https://www.oasis-open.org/2024/06/20/oasis-launches-osim/
https://www.oasis-open.org/2024/06/20/oasis-launches-osim/
OASIS Launches Global Initiative to Standardize Supply Chain Information Models
Boston, MA – 20 June 2024 – With escalating cybersecurity threats exploiting software supply chain vulnerabilities, there’s an urgent need for better understanding and proactive measures to identify and prevent future risks. Members of OASIS Open, the global open source and standards organization, have formed the Open Supply Chain Information Modeling (OSIM) Technical Committee (TC) […]