home.social

#securesupplychain — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #securesupplychain, aggregated by home.social.

  1. At the heart of the CVE process and the matching done with the NVD database is the name of the manufacturer and the artefact - the software, system, library or mobile application. It's vital for this to work that the name in the #SBOM is correct to make the match work. The community has developed #PURL - package URL - to improve this, but so far the CVE/NVD ecosystem has not adopted PURL.

    This needs to be fixed to make sure that the name in the SBOM matches the right set of vulnerabilities.

    #SBOM #securesupplychain #CycloneDX #OpenVEX #VEX #OpenSource
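A check a defender can run over an SBOM to catch the name/purl mismatch the post describes, as an added example that is not code from the post or from home.social: it parses the core of a package URL, builds a lookup key from it, and flags components whose human-readable name disagrees with their purl. The component entries and package names are constructed samples, and only the pypi name normalisation rule from the purl spec is applied.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

@dataclass(frozen=True)
class Purl:
    type: str
    namespace: Optional[str]
    name: str
    version: Optional[str]

def parse_purl(purl: str) -> Purl:
    """Parse the core of a package URL: pkg:type/namespace/name@version?qualifiers#subpath."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a package URL: {purl!r}")
    rest = purl[4:].lstrip("/").split("#", 1)[0].split("?", 1)[0]
    at = rest.rfind("@")  # an '@' after the last '/' starts the version
    rest, version = (rest[:at], unquote(rest[at + 1:])) if at > rest.rfind("/") else (rest, None)
    segments = [unquote(s) for s in rest.split("/") if s]
    if len(segments) < 2:
        raise ValueError(f"purl needs a type and a name: {purl!r}")
    ptype, name = segments[0].lower(), segments[-1]
    namespace = "/".join(segments[1:-1]) or None
    if ptype == "pypi":  # purl spec: pypi names are lowercased, '_' becomes '-'
        name = name.lower().replace("_", "-")
    return Purl(ptype, namespace, name, version)

def match_key(component: dict) -> tuple:
    """Lookup key for a vulnerability feed: a purl is exact and ecosystem-qualified, a bare name is not."""
    if "purl" in component:
        p = parse_purl(component["purl"])
        return ("purl", p.type, p.namespace, p.name, p.version)
    return ("name", component["name"], component.get("version"))

def name_matches_purl(component: dict) -> bool:
    """False when the display name disagrees with the purl (or there is none): the mismatch the post warns about."""
    if "purl" not in component:
        return False
    norm = lambda s: s.lower().replace("_", "-")
    return norm(parse_purl(component["purl"]).name) == norm(component["name"])

# Constructed sample entries in the shape of CycloneDX "components" items.
SAMPLE = [
    {"name": "Pillow", "version": "9.5.0", "purl": "pkg:pypi/pillow@9.5.0"},
    {"name": "pillow", "version": "9.5.0", "purl": "pkg:pypi/Pillow@9.5.0"},
    {"name": "PIL", "version": "9.5.0", "purl": "pkg:pypi/pillow@9.5.0"},
    {"name": "Pillow", "version": "9.5.0"},
]
```

The first three entries collapse to one purl-based key while the purl-less fourth does not, and only the "PIL" entry is flagged by `name_matches_purl`.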