Whoever manages dependencies today also manages risk. That is exactly why version numbers in the parent POM are no longer enough. With Sven Ruppert you learn how #SBOMs, CRA & NIS2 are changing dependency management in #Java: https://javapro.io/de/die-parent-pom-vom-build-werkzeug-zum-fundament-der-software-supply-chain-security/

#DevSecOps #Maven

The G7 have published minimum elements for #SBOMs in AI systems. The focus: more transparency about models, data and dependencies for more #AISecurity in the supply chain. #CyberSecurity #SupplyChainSecurity

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/KI/SBOM-for-AI_minimum-elements.pdf?__blob=publicationFile&v=4

👀 We've all seen the frantic race to find and patch zero-day vulnerabilities. But what if you knew exactly where every instance of a vulnerable component was in your environment?

This on-demand webinar reveals how orgs are using SBOMs to gain advantage and transform their security response. ➡️ Watch the full webinar: https://go.anchore.com/rapid-incident-response-with-sboms/ #SBOMs

Many Java teams do not know which libraries actually run in production, until the next #Log4Shell shows up. #SBOMs create transparency about dependencies & risks.

Sven Ruppert shows how this works in practice:
https://javapro.io/de/sbom-fuer-java-entwickler-was-bringt-mir-das-im-alltag-wirklich-teil-1/
https://javapro.io/de/sbom-fuer-java-entwickler-was-bringt-mir-das-im-alltag-wirklich-teil-2/

#Maven #Gradle #CycloneDX

Third-Party Notices (TPNs) are often the only verifiable record when source code or #SBOMs are inaccessible, yet they’re usually trapped in unstructured PDFs.

A new guest blog by Devashri Datta discusses transforming TPNs into "Security Intelligence."

https://openssf.org/blog/2026/04/17/why-third-party-notices-are-breaking-at-scale-what-the-ecosystem-needs-next/

SBOM adoption is accelerating, driven by #security best practices and regulatory requirements. This guide explains why #SBOMs matter, how to implement them, and how they fit into a #DevSecOps strategy. Download now: https://get.anchore.com/sbom101-guide-for-devsecops-community/

#SBOMs are becoming a standard requirement for secure software development. Learn how to generate, manage, and use SBOMs effectively to improve security posture, automate compliance, and reduce risk across your organization. Download the guide: https://get.anchore.com/sbom101-guide-for-devsecops-community/ #devsecops #compliance #security

"It's hard to know what to fix in your software…if you don't know what's in your software." 🛑

Brian Thomason explains why the US Navy prioritizes high-fidelity #SBOMs as the foundation of every security check.

Read the full breakdown on RAISE 2.0: https://anchore.com/blog/how-raise-2-0-is-transforming-navy-devsecops/

Again for the evening (CET) crowd:

The recording from NYC*BUG (Properly pronounced "Nice Bug") Saturday January 10th, 2026 session "The Book of PF 4th ed + EU CRA: It's time to Engineer up" is now available:

Youtube: https://youtu.be/HOCsvcCm1Ec
Peertube: https://toobnix.org/w/bQPtKXKqJMdeYDbzhrrkEa

#bookofpf #OpenBSD #freebsd #packetfilter #EUCRA #CRA #SBOMS #dependency #supplychain #security @nostarch

NYC*BUG Jan 2026: Upcoming 4th edition of The Book of PF, CRA and more, Peter Hansteen
Andrew Nesbitt takes us on a thrilling journey through the dazzling world of #lockfiles, asking the earth-shattering question: could they be SBOMs? 🚀✨ Spoiler alert: the answer is yes, but in formats as unique as snowflakes. ❄️ Meanwhile, the rest of the world waits with bated breath for the EU to dictate our digital lives! 🇪🇺🔒
https://nesbitt.io/2025/12/23/could-lockfiles-just-be-sboms.html #SBOMs #digitaltransformation #EUregulations #cybersecurity #HackerNews #ngated
Linked post: "Could lockfiles just be SBOMs?" by Andrew Nesbitt. Lockfiles and SBOMs record the same information in different formats. What if package managers used SBOMs directly, instead of converting later?