Caute_cautim
Community Champion

Cryptography Bill of Materials (CBOM)

Hi All

 

A very interesting line of thought: the Cryptography Bill of Materials (CBOM), whose background is in the Software Bill of Materials (SBOM).

 

Cryptography Bill of Materials (CBOM) is an object model to describe cryptographic assets (short crypto-assets) and their dependencies. CBOM is an extension of the CycloneDX standard for Software Bill of Materials (SBOM), with notions to model crypto assets. CycloneDX was originally designed for use in application security and supply chain component analysis and is the SBOM format most aligned with the CBOM use case.

There is a need to discover, manage and report cryptography as the first step on the migration journey to quantum-safe systems and applications. Cryptography is typically buried deep within the components that are used to compose and build systems and applications. It makes sense to minimize this effort through alignment and reuse of the concepts and components used to implement Software Supply Chain Security (SSCS).

 

You can read the details here: 

 

https://github.com/IBM/CBOM

 

Regards

 

Caute_Cautim

 

 

1 Reply
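To make the "discover, manage and report" step concrete, here is an added example (not code from the post, from IBM/CBOM or from CycloneDX) that loads a small CBOM, classifies each cryptographic asset for quantum exposure, and walks the dependency graph to show which top-level components are exposed to each vulnerable algorithm. The JSON field names (`cryptographic-asset`, `cryptoProperties`, `algorithmProperties`, `nistQuantumSecurityLevel`, `dependencies[].provides`) follow the CycloneDX 1.6 schema as I understand it; treat that as an assumption and check it against the published schema. `SAMPLE_CBOM` is constructed data, not a real inventory.

```python
"""Inventory a CBOM and flag quantum-vulnerable algorithms and their dependants.

Added example; not code from the post or the IBM/CBOM project. Field names
follow the CycloneDX 1.6 cryptoProperties schema as the author understands it
(assumption: verify against the published schema). SAMPLE_CBOM is constructed.
"""
import json

# Constructed CBOM: one application, one library, three algorithm assets.
SAMPLE_CBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "version": 1,
    "components": [
        {"type": "application", "name": "payments-api", "bom-ref": "app-1"},
        {"type": "library", "name": "openssl", "version": "3.0.13",
         "bom-ref": "lib-openssl"},
        {"type": "cryptographic-asset", "name": "RSA-2048", "bom-ref": "alg-rsa",
         "cryptoProperties": {"assetType": "algorithm",
                              "algorithmProperties": {
                                  "primitive": "signature",
                                  "parameterSetIdentifier": "2048",
                                  "cryptoFunctions": ["keygen", "sign", "verify"],
                                  "nistQuantumSecurityLevel": 0}}},
        {"type": "cryptographic-asset", "name": "AES-256-GCM", "bom-ref": "alg-aes",
         "cryptoProperties": {"assetType": "algorithm",
                              "algorithmProperties": {
                                  "primitive": "ae",
                                  "parameterSetIdentifier": "256",
                                  "cryptoFunctions": ["encrypt", "decrypt"],
                                  "nistQuantumSecurityLevel": 5}}},
        # Deliberately incomplete entry: no quantum security level recorded.
        {"type": "cryptographic-asset", "name": "SHA-1", "bom-ref": "alg-sha1",
         "cryptoProperties": {"assetType": "algorithm",
                              "algorithmProperties": {
                                  "primitive": "hash",
                                  "cryptoFunctions": ["digest"]}}},
    ],
    # dependsOn = uses; provides = implements (CycloneDX 1.6 dependency model).
    "dependencies": [
        {"ref": "app-1", "dependsOn": ["lib-openssl"]},
        {"ref": "lib-openssl", "provides": ["alg-rsa", "alg-aes", "alg-sha1"]},
    ],
})

# Public-key primitives that Shor's algorithm breaks outright.
SHOR_PRIMITIVES = {"pke", "signature", "key-agree"}


def classify_asset(component):
    """Return quantum-vulnerable / quantum-safe / review for one asset."""
    props = component.get("cryptoProperties", {})
    if props.get("assetType") != "algorithm":
        return "review"              # certificates, protocols, keys: inspect by hand
    alg = props.get("algorithmProperties", {})
    level = alg.get("nistQuantumSecurityLevel")
    if level is None:
        return "review"              # inventory is incomplete for this asset
    if level > 0:
        return "quantum-safe"
    if alg.get("primitive") in SHOR_PRIMITIVES:
        return "quantum-vulnerable"
    return "review"                  # level 0 symmetric/hash: weak, but not Shor


def _parents(bom):
    """Reverse the dependency graph: child ref -> refs that use or provide it."""
    parents = {}
    for dep in bom.get("dependencies", []):
        for child in dep.get("dependsOn", []) + dep.get("provides", []):
            parents.setdefault(child, set()).add(dep["ref"])
    return parents


def _roots(ref, parents):
    """Walk upward from ref to the top-level components that ultimately use it."""
    seen, stack, roots = set(), [ref], set()
    while stack:
        cur = stack.pop()
        if cur in seen:
            continue
        seen.add(cur)
        ups = parents.get(cur, set())
        if not ups and cur != ref:
            roots.add(cur)
        stack.extend(ups)
    return roots


def asset_verdicts(cbom_json):
    """Map every cryptographic-asset name to its classification."""
    bom = json.loads(cbom_json)
    return {c["name"]: classify_asset(c) for c in bom.get("components", [])
            if c.get("type") == "cryptographic-asset"}


def quantum_vulnerable_report(cbom_json):
    """Map each quantum-vulnerable asset to the top-level components exposed to it."""
    bom = json.loads(cbom_json)
    by_ref = {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}
    parents = _parents(bom)
    report = {}
    for ref, comp in by_ref.items():
        if comp.get("type") == "cryptographic-asset" and classify_asset(comp) == "quantum-vulnerable":
            report[comp["name"]] = sorted(by_ref[r]["name"] for r in _roots(ref, parents))
    return report


if __name__ == "__main__":
    print(json.dumps(asset_verdicts(SAMPLE_CBOM), indent=2))
    print(json.dumps(quantum_vulnerable_report(SAMPLE_CBOM), indent=2))
```

Two design points worth noting. First, an asset with no `nistQuantumSecurityLevel` is reported as "review" rather than silently passed, because an incomplete inventory is the most common failure mode of a first CBOM. Second, the script only consumes a CBOM; the hard part the post describes, discovering the cryptography buried inside components and emitting the CBOM in the first place, is not done here.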
Caute_cautim
Community Champion

Hi All

 

Do you have a CBOM and are you completing your own for your own organisation?

 

https://owasp.org/blog/2023/10/03/CycloneDX-Cryptography-CBOM.html

 

Regards

 

Caute_Cautim