Mastodawn

RE: https://social.anoxinon.de/@gnulinux/116289467985502963

Beim GNU/Linux-Podcast spreche ich über Software-Lieferketten, SBOMs u.v.m. im Kontext der Deutschen Bahn. Also nicht nur, was das ist, sondern wie wir damit auch sinnvoll umgehen können und was das mit Engagement in Open-Source-Projekten zu tun hat.

#DeutscheBahn #CRA #SBOM #SupplyChain #Podcast

Max Mehl Mar 17

Today at 10:00 @ #FOSSbackstage, my colleague @cschum and I are going to talk about "getting real with the supply chain". The session will be about how the #OSPO at #DeutscheBahn generates actionable insights from vast data and navigates the triangle of risk/value/people.

Max Mehl Mar 11

TIL my ΔEₒₖ JND is 0.0036 (and what that actually means). Apparently this is quite good. Can you beat it? https://www.keithcirkel.co.uk/whats-my-jnd/?r=AWwgKP__v8vD

What's My JND?

Find your Just Noticeable Difference in colour perception. How small a colour difference can you actually see?

Max Mehl Mar 8

Ist das noch kreative Guerillawerbung oder schon peinliche Anbiederung an jugendliche Kundschaft? #Wero

Max Mehl Mar 8

Andrew Nesbitt Mar 7

Open Source Foundations Consortium Announces Seven New Working Groups

https://nesbitt.io/2026/03/07/announcing-new-working-groups.html

Announcing New Working Groups

The Open Source Foundations Consortium announces seven new working groups.

Andrew Nesbitt

Show thread

Max Mehl Mar 2

The second presentation overlapped slightly with the first, but emphasized the tooling aspect:

• #SBOM lifecycle and blueprint
• Our modular SBOM toolchain for generation, refinement, analysis and storage
• Integration into DevOps workflows
• Our central compliance portal for teams and governance owners
• And how we delight our various users.

This is all heavily based on many great #OpenSource projects, such as those by @anchore and @homebrew.

https://mehl.mx/blog/2026/deutsche-bahns-approach-to-large-scale-sbom-collection-and-use/

[🧵 3/3]

Deutsche Bahn's Approach to Large-Scale SBOM Collection and Use | Max Mehl

At FOSDEM 2026, I presented Deutsche Bahn’s journey from operational need to concrete implementation of large-scale SBOM collection and use. The scale is staggering: approximately 500,000 SBOMs …

Max Mehl

Show thread

Max Mehl Mar 2

Actually, there were two presentations at #FOSDEM. In the first, I focused on the strategic aspects and context of the Cyber Resilience Act (#CRA).

Why does DB need transparency of its software supply chains? Why is it damn hard to achieve this? How did we come from idea to strategy to implementation? And why do we need less a technological and rather an organizational and cultural shift to succeed?

Answers to these questions in the recording and slides.

https://mehl.mx/blog/2026/software-supply-chain-strategy-at-deutsche-bahn/

[🧵 2/3]

Software Supply Chain Strategy at Deutsche Bahn | Max Mehl

At FOSDEM 2026, I presented Deutsche Bahn’s software supply chain strategy in the context of the EU Cyber Resilience Act (CRA), but made clear from the start that CRA was the context, not the …

Max Mehl

Max Mehl Mar 2

I recently presented Deutsche Bahn's ongoing efforts to make its software supply chains more transparent. For the first time, we publicly shared how we set up the internal program, the principles we follow, the overarching architectural blueprint, and the tools we use to create, store, and analyze 80,000+ SBOMs. All of this is to find out, in real time, which of the over 100,000 software components we are using are where and how. [🧵 1/3]

#DeutscheBahn #SBOM #SupplyChain #CRA #NIS2