Allan is @allanfriedman on bsky & infosec.exchange (@allanfriedman) 's Twitter Profile
Allan is @allanfriedman on bsky & infosec.exchange

@allanfriedman

#SBOM Champion. Full service technocrat. Now at @CISAgov, formerly NTIA. Lapsed{engineer, academic, author}. Personal Account.

ID: 46715219

12-06-2009 18:34:06

15,15K Tweets

6,6K Followers

1,1K Following

Allan is @allanfriedman on bsky & infosec.exchange (@allanfriedman) 's Twitter Profile Photo

Registration is now open for SBOM-a-Rama Fall 2024. This year, introducing the SBOM Solution Showcase. Come join us (online or in Denver) in September! cisa.gov/news-events/ev…

OpenSSF (@openssf) 's Twitter Profile Photo

🎙️ New episode: "What’s in the SOSS?" CRob chats with Adolfo García Veytia (puerco) about the fascinating world of Software Bills of Materials (SBOMs) and VEX. Discussion on #SBOM standards, VEX's role in reducing false positives, and much more! 🚀 hubs.la/Q02Cd0040

Brian in Pittsburgh (@arekfurt) 's Twitter Profile Photo

But of course that's not at all how Microsoft and many others do use them today. Today, security defaults are still too often representative of nothing but a lowest common denominator approach to customer security needs.

Allan is @allanfriedman on bsky & infosec.exchange (@allanfriedman) 's Twitter Profile Photo

Some good points on the economics there. Not sure I agree with the conclusion, but more people (esp in positions like mine and my agency's) should grapple with this essay.

Allan is @allanfriedman on bsky & infosec.exchange (@allanfriedman) 's Twitter Profile Photo

Living the “champagne lounge, steerage seats” lifestyle. Looking forward to a great week in Seoul, talking about supply chain security, OSS, and—of course—#SBOM

Cybersecurity and Infrastructure Security Agency (@cisagov) 's Twitter Profile Photo

The updated Software Bill of Materials (SBOM) Frequently Asked Questions (FAQ) provides information on the benefits of SBOM, common misconceptions and concerns, creation of an SBOM, distributing and sharing an SBOM, and role specific guidance. go.dhs.gov/37S

Philippe Ensarguet (@p_ensarguet) 's Twitter Profile Photo

If you are curious about what #SBOM, #SLSA and #Scorecard are, and how they inter-relate to strengthen #software #security and #trust, you should read this post from @cpswan 👇 blog.thestateofme.com/2024/07/22/sup…

Eric Geller (@ericgeller) 's Twitter Profile Photo

DHS says CISA’s test of AI vulnerability detection methods (required by Biden’s AI EO) determined that “the best use of AI for vulnerability detection currently lies in supplementing and enhancing, as opposed to replacing, existing tools.” dhs.gov/news/2024/07/2…

Viktor Petersson (@vpetersson) 's Twitter Profile Photo

Just released an exciting episode of "Nerding Out with Viktor" featuring Allan is @allanfriedman on bsky & infosec.exchange from Cybersecurity and Infrastructure Security Agency! We dive into Software Bill of Materials (SBOMs) and their crucial role in cybersecurity. Don't miss this deep dive into the future of secure software! Catch the full episode on

Mohammad-Ali A'RÂBI (@mohammadalien) 's Twitter Profile Photo

Did you know Docker has an integration for SBOM generation?

$ docker sbom gitweekly/git-weekly

On Docker Engine you can install it manually. github.com/docker/sbom-cl…

Allan is @allanfriedman on bsky & infosec.exchange (@allanfriedman) 's Twitter Profile Photo

Setting up for our first ever SBOM Solutions Showcase! This Denver ballroom will be filled with 24 organizations from around the world to meet your #sbom needs, with many more listed online. cisa.gov/resources-tool…

Allan is @allanfriedman on bsky & infosec.exchange (@allanfriedman) 's Twitter Profile Photo

In case you missed my news elsewhere: This will be my last week at CISA. I’m sad to be leaving a great team, but very excited for some new projects. And don’t worry—I’ll be finding ways to help out with #SBOM! meritalk.com/articles/cisa-…