SBOM - you've got questions, we've got answers! The NTIA SBOM Awareness & Adoption working group has finished v1 of an FAQ. All you ever wanted to know abt #SBOM but were too lazy to ask. Check it out, share it, & reply with more Qs that we should add ntia.gov/files/ntia/pub…

Detecting a #SolarWinds style attack is difficult. But you can dramatically reduce the likelihood of creating similar incidents by adopting #OWASP SCVS. It includes practical advice to measure and improve your #SoftwareSupplyChain. owasp.org/scvs

The OWASP Software Component Verification Standard project is conducting the 2021 State of the SBOM Survey. Community participation is valuable as we assess the current and future role that Software Bill of Materials play in the industry. docs.google.com/forms/d/e/1FAI… #SBOM #OWASP

Propose your topic for our #OWASP SAMM User Day - May 27th, 2021 - details here: owaspsamm.org/user-day/

SBOM is a foundational, level 1 behavior in #OWASP SCVS. The recommendations from NTIA aligns to the requirements in SCVS.

Mark your calendars! Come celebrate the 20th anniversary of OWASP® Foundation with a tremendous lineup of speakers and industry experts. In relation to SCVS, #SBOM will be presented by @stevespringett and Patrick Dwyer from CycloneDX SBOM Spec (OWASP), a flagship OWASP Standards project.

Join #owasp as we celebrate our 20th Anniversary on Sept. 24! Register now for this 24-hour live, virtual, global FREE event. Agenda will include 5 keynotes, 4 tracks with speakers from around the world, and more! 20thanniversary.owasp.org

ALL OWASP MEMBERS DID YOU VOTE YET? If not, you still have time to vote in the OWASP 2021 Global Board of Directors Election. PLEASE CHECK YOUR EMAIL FOR YOUR BALLOT. YOUR VOTE COUNTS! VOTE NOW!

JS0N Haddix OWASP® Foundation projects: Zed Attack Proxy OWASP Web Security Testing Guide OWASP Juice Shop OWASP Top10 OWASP SKF OWASP Proactive Controls OWASP SAMM Core Rule Set @OWASP_MSTG OWASP ASVS Project Dependency-Track OWASP SCVS Standard OWASP DevSlop 🇺🇦 DefectDojo Secure Coding Dojo @OWASPCornucopia OWASP AppSensor OWASP iGoat #AppSec

The recording of my session at NDC Security is available! Learn about possible attacks against you supply chain and how to prevent against them:

Reminder: Our next project meeting is on: July 21 at 14:00 UTC (9:00 CDT / 10:00 EDT). Meeting ICS: drive.google.com/open?id=1lS4oD… Agenda: - Continue work on BOM maturity model To Join: in: meet.google.com/whc-cqcy-nuy #SBOM #SoftwareSupplyChain #OWASP

We're happy to announce that SCVS now has a dedicated website where project information can be found, the standard can be read, and in the near future the BOM Maturity Model can be explored. scvs.owasp.org #OWASP #SBOM #SoftwareSupplyChain

🗒️ OWASP® Foundation Software Component Verification Standard (SCVS) Overview by Chris Hughes on the 3 levels of maturity across 6 control categories * Inventory * SBOM * Build Environment * Package Management * Component Analysis * Pedigree and Provenance blog.aquia.us/blog/2022-09-2…

Check out this article by Chris Hughes, then head over to scvs.owasp.org to read the standard and see how SCVS can help your organization measure and improve software supply chain assurance. #OWASP #SBOM #SoftwareSupplyChain

OWASP® Foundation Foundation Joins Ecma International to Drive Software Transparency and Standardization of OWASP #CycloneDX. Press release: einpresswire.com/article/661184… Blog post: owasp.org/blog/2023/10/1… #SBOM #SoftwareTransparency #SaaSBOM #HBOM #CBOM #EO14028

We’re proud to announce the immediate availability of the SCVS BOM Maturity Model. The model allows organizations to evaluate #SBOM quality and mature and optimize their investment in software and system transparency. einpresswire.com/article/665343… #OWASP

We published OWASP's response to the ONCD RFI on Open Source Security, mainly to do with memory-safe languages. More details: owasp.org/blog/2023/11/0… A huge thank you to all the OWASP Leaders who contributed. For media, please contact me on [email protected]

Earlier today, Technical Committee 54 was officially convened within Ecma International as a royalty-free task group. #TC54 is chartered with standardizing #OWASP CycloneDX SBOM Spec (OWASP), standards and algorithms that advance transparency and sharing of this information across the supply chain.

OWASP Members change the world. Your membership helps shape the organization and drives our projects and community. If you are not a member or are due for renewal within 60 days, please join or renew today and get 10-25% off! owasp.org/membership > Memberships > Apply