Finding an #SBOM for projects sucks. Even if there is one, chances are that you will not find it because it is placed somewhere where you will not look.
I'm looking for a job, and/or sponsorships for my open source work (mostly #ruby). My daughter has congenital heart disease, and there is no way I could afford her care without insurance. I am grateful for those who already contribute. I currently make 10% of the monthly cost of the health insurance premium, so please contribute monthly if you can. #getfedihired https://github.com/sponsors/pboling
I am currently working to improve the state of #SBOM (Software Bill of Materials) libraries and compliance in Ruby. SBOMs have been required by the US government since 2023, but #ruby has been slow to catch on.
https://github.com/CycloneDX/cyclonedx-ruby-gem/pull/38
This Thursday, October 30th 2025 in Bergen: Bergen Open Source 2025, https://boskonf.no.
Tietoevry is among the sponsors, and yours truly will be giving an approximately 20 minute version of EU CRA: It's Later Than You Think, Time to Engineer Up! https://nxdomain.no/~peter/eu_cra_its_later_than_you_think_time_to_engineer_up.html
See you there! #boskonf #opensource #cra #sbom #engineerup #development #freesoftware #libresoftware #tietoevry
Elixir 1.19 has been released 🚀 with substantial improvements to the type system, compile time performance, OpenChain compliance and signed SBoM to facilitate supply chain management and attestation.
And all this without breaking changes. In other words, code that worked yesterday will continue to work after updating 🤯
#ElixirLang #Elixir #IndieDev #SboM
https://elixir-lang.org/blog/2025/10/16/elixir-v1-19-0-released/
EU CRA: It's Later Than You Think, Time to Engineer Up! https://nxdomain.no/~peter/eu_cra_its_later_than_you_think_time_to_engineer_up.html (or tracked https://bsdly.blogspot.com/2025/09/eu-cra-its-later-than-you-think-time-to.html) for your weekend #sbom #development #software #engineering reading #cra #resilience
ICYMI, here's a paper that was trying to answer this research question in the context of #OpenSource #Java projects on GitHub: "What do open-source maintainers think about integrating #VEX into their existing SBOMs?"
TL;DR: "In most cases, our augmented SBOMs were not directly accepted because developers required a continuous SBOM update."
Thinking about #InfoSec organizational behaviors derived from cognitive bias. In particular, availability bias from things that are memorable.
#Log4j #Heartbleed #SolarWinds #ShellShock #Spectre #Meltdown #SQLSlammer