Post · bonfire.cafe

Jacques Chester

@jacques@mastodon.chester.id.au · 4 weeks ago

@bagder@gregkh isn’t this what VEX is meant for?

Jacques Chester

@jacques@mastodon.chester.id.au replied · 4 weeks ago

@bagder@gregkh isn’t this what VEX is meant for?

Matt "msw" Wilson

@msw@mstdn.social replied · 2 weeks ago

@jacques @bagder @gregkh

ICYMI, here's a paper that was trying to answer this research question in the context of #OpenSource #Java projects on GitHub: "What do open-source maintainers think about integrating #VEX into their existing SBOMs?"

TL;DR: "In most cases, our augmented SBOMs were not directly accepted because developers required a continuous SBOM update."

https://dl.acm.org/doi/pdf/10.1145/3696630.3728513

#SBOM #CVE #InfoSec

Matt "msw" Wilson

@msw@mstdn.social replied · 2 weeks ago

@jacques @bagder @gregkh

TL;DR: "In most cases, our augmented SBOMs were not directly accepted because developers required a continuous SBOM update."

https://dl.acm.org/doi/pdf/10.1145/3696630.3728513

#SBOM #CVE #InfoSec

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.3.1 no JS en

Automatic federation enabled