Discussion
Loading...

Post

  • About
  • Code of conduct
  • Privacy
  • Users
  • Instances
  • About Bonfire
Jacques Chester
@jacques@mastodon.chester.id.au  ·  activity timestamp 4 weeks ago
@bagder@gregkh isn’t this what VEX is meant for?
  • Copy link
  • Flag this post
  • Block
Jacques Chester
@jacques@mastodon.chester.id.au replied  ·  activity timestamp 4 weeks ago
@bagder@gregkh isn’t this what VEX is meant for?
  • Copy link
  • Flag this comment
  • Block
Matt "msw" Wilson
@msw@mstdn.social replied  ·  activity timestamp 2 weeks ago

@jacques @bagder @gregkh

ICYMI, here's a paper that was trying to answer this research question in the context of #OpenSource #Java projects on GitHub: "What do open-source maintainers think about integrating #VEX into their existing SBOMs?"

TL;DR: "In most cases, our augmented SBOMs were not directly accepted because developers required a continuous SBOM update."

https://dl.acm.org/doi/pdf/10.1145/3696630.3728513

#SBOM #CVE #InfoSec

  • Copy link
  • Flag this comment
  • Block
Matt "msw" Wilson
@msw@mstdn.social replied  ·  activity timestamp 2 weeks ago

@jacques @bagder @gregkh

ICYMI, here's a paper that was trying to answer this research question in the context of #OpenSource #Java projects on GitHub: "What do open-source maintainers think about integrating #VEX into their existing SBOMs?"

TL;DR: "In most cases, our augmented SBOMs were not directly accepted because developers required a continuous SBOM update."

https://dl.acm.org/doi/pdf/10.1145/3696630.3728513

#SBOM #CVE #InfoSec

  • Copy link
  • Flag this comment
  • Block
Log in

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances
Bonfire social · 1.0.0-rc.3.1 no JS en
Automatic federation enabled
  • Explore
  • About
  • Members
  • Code of Conduct
Home
Login