Discussion
Loading...

#Tag

  • About
  • Code of conduct
  • Privacy
  • Users
  • Instances
  • About Bonfire
Stefano Marinelli
Stefano Marinelli boosted
Peter N. M. Hansteen
@pitrh@mastodon.social  ·  activity timestamp 2 weeks ago

EU CRA: It's Later Than You Think, Time to Engineer Up! https://nxdomain.no/~peter/eu_cra_its_later_than_you_think_time_to_engineer_up.html (or tracked https://bsdly.blogspot.com/2025/09/eu-cra-its-later-than-you-think-time-to.html) for your weekend #sbom #development #software #engineering reading #cra #resilience

EU CRA: It's Later Than You Think, Time to Engineer Up!

© 2025 Peter N. M. Hansteen On December 12 2027, it's already too late. The day before, the European Union Cyber Resilience Act (CRA)...

EU CRA: It's Later Than You Think, Time to Engineer Up!

  • Copy link
  • Flag this post
  • Block
Matt "msw" Wilson
Matt "msw" Wilson boosted
Matt "msw" Wilson
@msw@mstdn.social  ·  activity timestamp 2 weeks ago

@jacques @bagder @gregkh

ICYMI, here's a paper that was trying to answer this research question in the context of #OpenSource #Java projects on GitHub: "What do open-source maintainers think about integrating #VEX into their existing SBOMs?"

TL;DR: "In most cases, our augmented SBOMs were not directly accepted because developers required a continuous SBOM update."

https://dl.acm.org/doi/pdf/10.1145/3696630.3728513

#SBOM #CVE #InfoSec

  • Copy link
  • Flag this post
  • Block
Peter N. M. Hansteen
@pitrh@mastodon.social  ·  activity timestamp 2 weeks ago

EU CRA: It's Later Than You Think, Time to Engineer Up! https://nxdomain.no/~peter/eu_cra_its_later_than_you_think_time_to_engineer_up.html (or tracked https://bsdly.blogspot.com/2025/09/eu-cra-its-later-than-you-think-time-to.html) for your weekend #sbom #development #software #engineering reading #cra #resilience

EU CRA: It's Later Than You Think, Time to Engineer Up!

© 2025 Peter N. M. Hansteen On December 12 2027, it's already too late. The day before, the European Union Cyber Resilience Act (CRA)...

EU CRA: It's Later Than You Think, Time to Engineer Up!

  • Copy link
  • Flag this post
  • Block
Jacques Chester
@jacques@mastodon.chester.id.au  ·  activity timestamp last month
@bagder@gregkh isn’t this what VEX is meant for?
Matt "msw" Wilson
@msw@mstdn.social (and 1 other) recently replied  ·  activity timestamp 2 weeks ago

@jacques @bagder @gregkh

ICYMI, here's a paper that was trying to answer this research question in the context of #OpenSource #Java projects on GitHub: "What do open-source maintainers think about integrating #VEX into their existing SBOMs?"

TL;DR: "In most cases, our augmented SBOMs were not directly accepted because developers required a continuous SBOM update."

https://dl.acm.org/doi/pdf/10.1145/3696630.3728513

#SBOM #CVE #InfoSec

  • Copy link
  • Flag this comment
  • Block
Matt "msw" Wilson
@msw@mstdn.social  ·  activity timestamp last month

Thinking about #InfoSec organizational behaviors derived from cognitive bias. In particular, availability bias from things that are memorable.

#Log4j#Heartbleed #SolarWinds#ShellShock#Spectre#Meltdown#SQLSlammer

Matt "msw" Wilson
@msw@mstdn.social replied  ·  activity timestamp last month

Is it possible that #Log4j will be the most expensive global #InfoSec incident ever, not because of meaningful losses stemming from successful exploitation, but because it continues to be part of the continuous “ #SBOM and patch all the things will fix this!!” drumbeat?

  • Copy link
  • Flag this comment
  • Block
Log in

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances
Bonfire social · 1.0.0-rc.3.13 no JS en
Automatic federation enabled
  • Explore
  • About
  • Members
  • Code of Conduct
Home
Login