OWASP Dependency-Track


Couldn’t attend this week’s Dependency-Track community meeting? No worries, we’ve got the recording.

@nscur0 leads us through the project roadmap. We also have special guests from the @CycloneDX #cryptography working group presenting #CBOM. Don’t miss it.

https://www.youtube.com/watch?v=0WPvVCRyLjw

Dependency-Track Community Meeting (2024-03-06)


Join us for our next community meeting on January 31st at 3PM UTC (10:00am U.S. Eastern)!

Agenda:
- Project / Release Update (~15 min)
- How IBM CISO uses Dependency-Track (~10 min)
- Q&A (~30 min)

Calendar invite:
https://calendar.google.com/calendar/event?eid=MHE1ZXVpczAyZnAyOG9wcGluOTZiczI2NDEgY184ODRkZWNkZTVhMTUyOTAyYmI1MWE2MmY4OTU1MGQwZjM3NDg0ODQ1MzRmMDhjNjM3OTJmMmU2NTRmMmE3ZWJjQGc&ctz=UTC

#OWASP #SBOM #CycloneDX #EO14028

Dependency-Track Community Meeting

Join us for our very first community meeting on November 15th, 7PM UTC! Get to know the team, see what's up next, ask questions, and get a sneak peek into what we've been building with Project Hyades! Meeting details here:

https://calendar.google.com/calendar/event?eid=MjFiY2xvdW9wcXRxM203YTJkczNrdmFkczUgY184ODRkZWNkZTVhMTUyOTAyYmI1MWE2MmY4OTU1MGQwZjM3NDg0ODQ1MzRmMDhjNjM3OTJmMmU2NTRmMmE3ZWJjQGc&ctz=UTC

#OWASP #SBOM #EO14028


Great article from Basil Hess and Nicklas Körtge on Cryptography Bill of Materials (CBOM), the many use cases, and how we're building this capability into #OWASP @CycloneDX v1.6.

https://owasp.org/blog/2023/10/03/CycloneDX-Cryptography-CBOM.html

#SBOM #CBOM #CSRM #SoftwareTransparency #Cryptography #nsm10 #eo14028

OWASP CycloneDX - The Missing Standard For Describing Cryptography in Software | OWASP Foundation


With so many industry firsts which help to identify and reduce risk, Dependency-Track has seen tremendous growth over the years.

We want to thank the amazing community of organizations and government agencies that rely on #OWASP standards and projects every day.

#SBOM

Throughout our 10-year journey, OWASP Dependency-Track has led the way.

#OWASP #SBOM

This year, OWASP Dependency-Track is celebrating our 10-year anniversary. And today, we released Dependency-Track v4.8, our first release in this historic year.

https://dependencytrack.org/

Changelog: https://docs.dependencytrack.org/2023/04/18/v4.8.0/

#SBOM #OWASP #SCRM #CSCRM

Dependency-Track | Software Bill of Materials (SBOM) Analysis

Dependency-Track is a continuous SBOM analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track is open-source and distributed under the Apache 2.0 license.

This year, Dependency-Track is celebrating its 10-year anniversary helping organizations reduce supply chain risk.

Today, over 300 million components are represented in @CycloneDX each month and analyzed by Dependency-Track systems.

Thanks for trusting in #OWASP.

#SBOM

@DependencyTrack @stevespringett Congratulations! I wrote a post of our journey with SBOMs and Dependency Track https://infosec.exchange/@miso/109562479630031568
Miso Lith (@miso@infosec.exchange)

Christmas time reminds me of last year's Log4j incident. If you were one of the people involved in either finding, fixing or mitigating the vulnerability during the hectic weekend a year ago, the linked blog post is especially for you. In this blog, I'll outline how we at SOK are dealing with our supply chain security and third party software components. I'll give an overview of our reasons for collecting SBOMs beyond the preparation for a log4j-level incident. I'll also touch on subjects such as strategies, CI/CD integration, SBOM formats and reporting. https://www.linkedin.com/pulse/why-how-sboms-sok-miso-lith #DependencyTrack #Appsec #SBOM #cybersecurity #infosec #security #devops #supplychain #supplychainsecurity


This year, #OWASP Dependency-Track is celebrating its 10th anniversary. 🎂 🎉 The project is responsible for a lot of industry “firsts” which we’ll discover in the weeks to come. But this year, we’re going to celebrate our wins while we push onward.

https://owasp.org/blog/2023/01/10/Celebrating-10-years-of-Dependency-Track.html

Celebrating 10 Years of OWASP Dependency-Track | OWASP Foundation
