Gareth Rushgrove
Type devroom
Starts on day 2 (2021-02-07) at 17:00 (Brussels time, UTC+1) in room Composition (duration 00:15)
Matrix room #composition:fosdem.org
CycloneDX is a software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis. It's developed in the open and widely implemented in open source tooling. As well as quick introduction to CycloneDX, this talk will look in particular at the vulnerability extension.
Modelling vulnerabilities in software is surprisingly complex. In this talk we'll look at some of the current issues in the CycloneDX vulnerability extension, summarise some of the ongoing discussions in this area, and get people's input on proposals for improvements.
=> FOSDEM schedule page This content has been proxied by September (3851b).Proxy Information
text/gemini; lang=en