home.social

#sboms — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #sboms, aggregated by home.social.

  1. Third-Party Notices (TPNs) are often the only verifiable record when source code or #SBOMs are inaccessible, yet they’re usually trapped in unstructured PDFs.

    A new guest blog by Devashri Datta discusses transforming TPNs into "Security Intelligence."

    openssf.org/blog/2026/04/17/wh

  2. Third-Party Notices (TPNs) are often the only verifiable record when source code or #SBOMs are inaccessible, yet they’re usually trapped in unstructured PDFs.

    A new guest blog by Devashri Datta discusses transforming TPNs into "Security Intelligence."

    openssf.org/blog/2026/04/17/wh

  3. Third-Party Notices (TPNs) are often the only verifiable record when source code or #SBOMs are inaccessible, yet they’re usually trapped in unstructured PDFs.

    A new guest blog by Devashri Datta discusses transforming TPNs into "Security Intelligence."

    openssf.org/blog/2026/04/17/wh

  4. Third-Party Notices (TPNs) are often the only verifiable record when source code or #SBOMs are inaccessible, yet they’re usually trapped in unstructured PDFs.

    A new guest blog by Devashri Datta discusses transforming TPNs into "Security Intelligence."

    openssf.org/blog/2026/04/17/wh

  5. Third-Party Notices (TPNs) are often the only verifiable record when source code or #SBOMs are inaccessible, yet they’re usually trapped in unstructured PDFs.

    A new guest blog by Devashri Datta discusses transforming TPNs into "Security Intelligence."

    openssf.org/blog/2026/04/17/wh

  6. Again for the evening (CET) crowd:

    The recording from NYC*BUG (Properly pronounced "Nice Bug") Saturday January 10th, 2026 session "The Book of PF 4th ed + EU CRA: It's time to Engineer up" is now available:

    Youtube: youtu.be/HOCsvcCm1Ec
    Peertube: toobnix.org/w/bQPtKXKqJMdeYDbz

    #bookofpf #OpenBSD #freebsd #packetfilter #EUCRA #CRA #SBOMS #dependency #supplychain #security @nostarch

  7. Again for the evening (CET) crowd:

    The recording from NYC*BUG (Properly pronounced "Nice Bug") Saturday January 10th, 2026 session "The Book of PF 4th ed + EU CRA: It's time to Engineer up" is now available:

    Youtube: youtu.be/HOCsvcCm1Ec
    Peertube: toobnix.org/w/bQPtKXKqJMdeYDbz

    #bookofpf #OpenBSD #freebsd #packetfilter #EUCRA #CRA #SBOMS #dependency #supplychain #security @nostarch

  8. Again for the evening (CET) crowd:

    The recording from NYC*BUG (Properly pronounced "Nice Bug") Saturday January 10th, 2026 session "The Book of PF 4th ed + EU CRA: It's time to Engineer up" is now available:

    Youtube: youtu.be/HOCsvcCm1Ec
    Peertube: toobnix.org/w/bQPtKXKqJMdeYDbz

    #bookofpf #OpenBSD #freebsd #packetfilter #EUCRA #CRA #SBOMS #dependency #supplychain #security @nostarch

  9. Again for the evening (CET) crowd:

    The recording from NYC*BUG (Properly pronounced "Nice Bug") Saturday January 10th, 2026 session "The Book of PF 4th ed + EU CRA: It's time to Engineer up" is now available:

    Youtube: youtu.be/HOCsvcCm1Ec
    Peertube: toobnix.org/w/bQPtKXKqJMdeYDbz

    #bookofpf #OpenBSD #freebsd #packetfilter #EUCRA #CRA #SBOMS #dependency #supplychain #security @nostarch

  10. Again for the evening (CET) crowd:

    The recording from NYC*BUG (Properly pronounced "Nice Bug") Saturday January 10th, 2026 session "The Book of PF 4th ed + EU CRA: It's time to Engineer up" is now available:

    Youtube: youtu.be/HOCsvcCm1Ec
    Peertube: toobnix.org/w/bQPtKXKqJMdeYDbz

    #bookofpf #OpenBSD #freebsd #packetfilter #EUCRA #CRA #SBOMS #dependency #supplychain #security @nostarch

  11. Andrew Nesbitt takes us on a thrilling journey through the dazzling world of #lockfiles, asking the earth-shattering question: could they be SBOMs? 🚀✨ Spoiler alert: the answer is yes, but in formats as unique as snowflakes. ❄️ Meanwhile, the rest of the world waits with bated breath for the EU to dictate our digital lives! 🇪🇺🔒
    nesbitt.io/2025/12/23/could-lo #SBOMs #digitaltransformation #EUregulations #cybersecurity #HackerNews #ngated

  12. Andrew Nesbitt takes us on a thrilling journey through the dazzling world of #lockfiles, asking the earth-shattering question: could they be SBOMs? 🚀✨ Spoiler alert: the answer is yes, but in formats as unique as snowflakes. ❄️ Meanwhile, the rest of the world waits with bated breath for the EU to dictate our digital lives! 🇪🇺🔒
    nesbitt.io/2025/12/23/could-lo #SBOMs #digitaltransformation #EUregulations #cybersecurity #HackerNews #ngated

  13. Andrew Nesbitt takes us on a thrilling journey through the dazzling world of #lockfiles, asking the earth-shattering question: could they be SBOMs? 🚀✨ Spoiler alert: the answer is yes, but in formats as unique as snowflakes. ❄️ Meanwhile, the rest of the world waits with bated breath for the EU to dictate our digital lives! 🇪🇺🔒
    nesbitt.io/2025/12/23/could-lo #SBOMs #digitaltransformation #EUregulations #cybersecurity #HackerNews #ngated

  14. Andrew Nesbitt takes us on a thrilling journey through the dazzling world of #lockfiles, asking the earth-shattering question: could they be SBOMs? 🚀✨ Spoiler alert: the answer is yes, but in formats as unique as snowflakes. ❄️ Meanwhile, the rest of the world waits with bated breath for the EU to dictate our digital lives! 🇪🇺🔒
    nesbitt.io/2025/12/23/could-lo #SBOMs #digitaltransformation #EUregulations #cybersecurity #HackerNews #ngated

  15. 🧑‍🌾 bomctl makes SBOMs easier to work with by handling format and version differences for you. Convert between SPDX and CycloneDX, upgrade spec versions, and link #SBOMs across suppliers and systems.

    Watch the OpenSSF Project Spotlight about #bomctl: youtu.be/Tax1pNaySYQ?si=98Cg8V

  16. 🧑‍🌾 bomctl makes SBOMs easier to work with by handling format and version differences for you. Convert between SPDX and CycloneDX, upgrade spec versions, and link #SBOMs across suppliers and systems.

    Watch the OpenSSF Project Spotlight about #bomctl: youtu.be/Tax1pNaySYQ?si=98Cg8V

  17. 🧑‍🌾 bomctl makes SBOMs easier to work with by handling format and version differences for you. Convert between SPDX and CycloneDX, upgrade spec versions, and link #SBOMs across suppliers and systems.

    Watch the OpenSSF Project Spotlight about #bomctl: youtu.be/Tax1pNaySYQ?si=98Cg8V

  18. 🧑‍🌾 bomctl makes SBOMs easier to work with by handling format and version differences for you. Convert between SPDX and CycloneDX, upgrade spec versions, and link #SBOMs across suppliers and systems.

    Watch the OpenSSF Project Spotlight about #bomctl: youtu.be/Tax1pNaySYQ?si=98Cg8V

  19. 🧑‍🌾 bomctl makes SBOMs easier to work with by handling format and version differences for you. Convert between SPDX and CycloneDX, upgrade spec versions, and link #SBOMs across suppliers and systems.

    Watch the OpenSSF Project Spotlight about #bomctl: youtu.be/Tax1pNaySYQ?si=98Cg8V

  20. When a new vulnerability drops, the first question is always: Is this in my supply chain? 🔍

    By ingesting and enriching #SBOMs with vulnerability and dependency data, #GUAC lets you query your entire application portfolio and pinpoint where action is needed immediately.

    🎥 youtu.be/uDT0xes5ico?si=3qMKMs

  21. When a new vulnerability drops, the first question is always: Is this in my supply chain? 🔍

    By ingesting and enriching #SBOMs with vulnerability and dependency data, #GUAC lets you query your entire application portfolio and pinpoint where action is needed immediately.

    🎥 youtu.be/uDT0xes5ico?si=3qMKMs

  22. When a new vulnerability drops, the first question is always: Is this in my supply chain? 🔍

    By ingesting and enriching #SBOMs with vulnerability and dependency data, #GUAC lets you query your entire application portfolio and pinpoint where action is needed immediately.

    🎥 youtu.be/uDT0xes5ico?si=3qMKMs

  23. When a new vulnerability drops, the first question is always: Is this in my supply chain? 🔍

    By ingesting and enriching #SBOMs with vulnerability and dependency data, #GUAC lets you query your entire application portfolio and pinpoint where action is needed immediately.

    🎥 youtu.be/uDT0xes5ico?si=3qMKMs

  24. When a new vulnerability drops, the first question is always: Is this in my supply chain? 🔍

    By ingesting and enriching #SBOMs with vulnerability and dependency data, #GUAC lets you query your entire application portfolio and pinpoint where action is needed immediately.

    🎥 youtu.be/uDT0xes5ico?si=3qMKMs

  25. I chat with @mbarbero about security happenings at the @EclipseFdn

    My favorite project they have is helping projects generate #SBOMs, but there's a lot happening. If you want to see some public examples of how to do security right, give it a listen!

    opensourcesecurity.io/2025/202

  26. I chat with @mbarbero about security happenings at the @EclipseFdn

    My favorite project they have is helping projects generate #SBOMs, but there's a lot happening. If you want to see some public examples of how to do security right, give it a listen!

    opensourcesecurity.io/2025/202

  27. I chat with @mbarbero about security happenings at the @EclipseFdn

    My favorite project they have is helping projects generate #SBOMs, but there's a lot happening. If you want to see some public examples of how to do security right, give it a listen!

    opensourcesecurity.io/2025/202

  28. I chat with @mbarbero about security happenings at the @EclipseFdn

    My favorite project they have is helping projects generate #SBOMs, but there's a lot happening. If you want to see some public examples of how to do security right, give it a listen!

    opensourcesecurity.io/2025/202

  29. I chat with @mbarbero about security happenings at the @EclipseFdn

    My favorite project they have is helping projects generate #SBOMs, but there's a lot happening. If you want to see some public examples of how to do security right, give it a listen!

    opensourcesecurity.io/2025/202

  30. Our next #JCON2025 session is live: 'SBOMs Are Not Enough' with Brian Demers

    Software Bill of Materials #SBOMs have emerged as a #critical component of #software supply chain #security, promising transparency about the #dependencies in our…

    Grab your coffee and hit play: youtu.be/4jtf9ATNyx8

  31. Our next #JCON2025 session is live: 'SBOMs Are Not Enough' with Brian Demers

    Software Bill of Materials #SBOMs have emerged as a #critical component of #software supply chain #security, promising transparency about the #dependencies in our…

    Grab your coffee and hit play: youtu.be/4jtf9ATNyx8

  32. Our next #JCON2025 session is live: 'SBOMs Are Not Enough' with Brian Demers

    Software Bill of Materials #SBOMs have emerged as a #critical component of #software supply chain #security, promising transparency about the #dependencies in our…

    Grab your coffee and hit play: youtu.be/4jtf9ATNyx8

  33. Our next #JCON2025 session is live: 'SBOMs Are Not Enough' with Brian Demers

    Software Bill of Materials #SBOMs have emerged as a #critical component of #software supply chain #security, promising transparency about the #dependencies in our…

    Grab your coffee and hit play: youtu.be/4jtf9ATNyx8

  34. Our next #JCON2025 session is live: 'SBOMs Are Not Enough' with Brian Demers

    Software Bill of Materials #SBOMs have emerged as a #critical component of #software supply chain #security, promising transparency about the #dependencies in our…

    Grab your coffee and hit play: youtu.be/4jtf9ATNyx8

  35. Next week I will attend to #osseu 2025 from @linuxfoundation to talk about osskb.org , the service that allow OSS devs and projects to detect open source software, so they can curate it, then create accurate and complete #sboms with their tooling of choice, in a reasonable amount of time osseu2025.sched.com/event/25Vu

  36. Next week I will attend to #osseu 2025 from @linuxfoundation to talk about osskb.org , the service that allow OSS devs and projects to detect open source software, so they can curate it, then create accurate and complete #sboms with their tooling of choice, in a reasonable amount of time osseu2025.sched.com/event/25Vu

  37. Next week I will attend to #osseu 2025 from @linuxfoundation to talk about osskb.org , the service that allow OSS devs and projects to detect open source software, so they can curate it, then create accurate and complete #sboms with their tooling of choice, in a reasonable amount of time osseu2025.sched.com/event/25Vu

  38. Next week I will attend to #osseu 2025 from @linuxfoundation to talk about osskb.org , the service that allow OSS devs and projects to detect open source software, so they can curate it, then create accurate and complete #sboms with their tooling of choice, in a reasonable amount of time osseu2025.sched.com/event/25Vu

  39. Next week I will attend to #osseu 2025 from @linuxfoundation to talk about osskb.org , the service that allow OSS devs and projects to detect open source software, so they can curate it, then create accurate and complete #sboms with their tooling of choice, in a reasonable amount of time osseu2025.sched.com/event/25Vu

  40. Great podcast to learn how open source assessment is leveraged in mergers and aquisitions, and the value of SBOM for license compliance: My Open Source Experience Podcast: From Law to OSPOs shows.acast.com/my-open-source #OpenSource #SBOMs #podcast