Hi All
A very interesting line of thought Cryptography Bill of Materials whose background is in Software Bill of Materials (SBOM).
Cryptography Bill of Materials (CBOM) is an object model to describe cryptographic assets (short crypto-assets) and their dependencies. CBOM is an extension of the CycloneDX standard for Software Bill of Materials (SBOM), with notions to model crypto assets. CycloneDX was originally designed for use in application security and supply chain component analysis and is the SBOM format most aligned with the CBOM use case.
There is a need to discover, manage and report cryptography as the first step on the migration journey to quantum safe systems and applications. Cryptography is typically buried deep within components that are used to compose and build systems and applications. It makes sense to minimize this effort through alignment and reuse of concepts and components used to implement Software Supply Chain Security (SSCS).
You can read the details here:
Regards
Caute_Cautim
Hi All
Do you have a CBOM and are you completing your own for your own organisation?
https://owasp.org/blog/2023/10/03/CycloneDX-Cryptography-CBOM.html
Regards
Caute_Cautim
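To make the idea in the two posts concrete, here is an added worked example (my own code, not the poster's and not part of the CycloneDX project): a small Python script that builds a constructed CBOM in CycloneDX 1.6 JSON form, walks its dependency graph and reports which application or library components depend, directly or transitively, on quantum-vulnerable public-key algorithms. The field names under cryptoProperties (assetType, algorithmProperties, nistQuantumSecurityLevel, certificateProperties.signatureAlgorithmRef) are my reading of the 1.6 schema and should be checked against the published specification; the component names, bom-refs and security levels are constructed sample values.

```python
"""Minimal CBOM inventory report over a CycloneDX-style document.

Added example; not code from the forum post or from CycloneDX.
The cryptoProperties field names are assumed from CycloneDX 1.6 and
should be verified against the official schema before relying on them.
"""
import json

# Public-key families whose security rests on factoring or discrete logs;
# these are the assets a quantum-safe migration has to find first.
QUANTUM_VULNERABLE_FAMILIES = ("RSA", "ECDSA", "ECDH", "DSA", "DH")

# Constructed sample CBOM: one application, one library, one certificate
# and three algorithm assets. Security levels are illustrative.
SAMPLE_CBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "version": 1,
    "components": [
        {"type": "application", "bom-ref": "app-1", "name": "payments-api", "version": "2.3.0"},
        {"type": "library", "bom-ref": "lib-tls", "name": "tls-stack", "version": "1.0.0"},
        {"type": "cryptographic-asset", "bom-ref": "crypto/algorithm/rsa-2048", "name": "RSA-2048",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {
             "primitive": "signature", "parameterSetIdentifier": "2048",
             "cryptoFunctions": ["sign", "verify"], "nistQuantumSecurityLevel": 0}}},
        {"type": "cryptographic-asset", "bom-ref": "crypto/algorithm/aes-256-gcm", "name": "AES-256-GCM",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {
             "primitive": "ae", "parameterSetIdentifier": "256",
             "cryptoFunctions": ["encrypt", "decrypt"], "nistQuantumSecurityLevel": 5}}},
        {"type": "cryptographic-asset", "bom-ref": "crypto/algorithm/ml-kem-768", "name": "ML-KEM-768",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {
             "primitive": "kem", "parameterSetIdentifier": "768",
             "cryptoFunctions": ["encapsulate", "decapsulate"], "nistQuantumSecurityLevel": 3}}},
        {"type": "cryptographic-asset", "bom-ref": "crypto/certificate/tls-server", "name": "payments.example cert",
         "cryptoProperties": {"assetType": "certificate", "certificateProperties": {
             "subjectName": "CN=payments.example",  # constructed
             "signatureAlgorithmRef": "crypto/algorithm/rsa-2048"}}},
    ],
    # Dependency edges: the certificate "uses" RSA, so RSA is reachable from app-1.
    "dependencies": [
        {"ref": "app-1", "dependsOn": ["lib-tls", "crypto/certificate/tls-server"]},
        {"ref": "lib-tls", "dependsOn": ["crypto/algorithm/aes-256-gcm", "crypto/algorithm/ml-kem-768"]},
        {"ref": "crypto/certificate/tls-server", "dependsOn": ["crypto/algorithm/rsa-2048"]},
    ],
}


def load_cbom(text):
    """Parse a CBOM JSON string and apply the minimal structural checks."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    bom.setdefault("components", [])
    bom.setdefault("dependencies", [])
    return bom


def crypto_assets(bom):
    """Map bom-ref -> component for every cryptographic-asset component."""
    return {c["bom-ref"]: c for c in bom["components"] if c.get("type") == "cryptographic-asset"}


def dependency_graph(bom):
    """Adjacency list built from the CycloneDX dependencies array."""
    return {d["ref"]: list(d.get("dependsOn", [])) for d in bom["dependencies"]}


def reachable(graph, start):
    """All refs transitively reachable from start (iterative DFS, cycle-safe)."""
    seen, stack = set(), [start]
    while stack:
        for dep in graph.get(stack.pop(), []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def is_quantum_vulnerable(asset):
    """An algorithm asset is flagged if its declared level is 0 or its name is a classical PKE family."""
    props = asset.get("cryptoProperties", {})
    if props.get("assetType") != "algorithm":
        return False
    if props.get("algorithmProperties", {}).get("nistQuantumSecurityLevel") == 0:
        return True
    name = asset.get("name", "").upper()
    return any(name.startswith(fam) for fam in QUANTUM_VULNERABLE_FAMILIES)


def report(bom):
    """For each non-crypto component, list reachable algorithms and the quantum-vulnerable subset."""
    assets, graph, out = crypto_assets(bom), dependency_graph(bom), {}
    for comp in bom["components"]:
        if comp.get("type") == "cryptographic-asset":
            continue
        reached = reachable(graph, comp["bom-ref"])
        algs = sorted(r for r in reached if r in assets
                      and assets[r]["cryptoProperties"].get("assetType") == "algorithm")
        out[comp["bom-ref"]] = {"algorithms": algs,
                                "quantum_vulnerable": [r for r in algs if is_quantum_vulnerable(assets[r])]}
    return out


if __name__ == "__main__":
    print(json.dumps(report(load_cbom(json.dumps(SAMPLE_CBOM))), indent=2))
```

The point of following the dependencies array rather than just listing assets is the one the post makes: the RSA signature never appears in the application's own component entry, it is reached only through the certificate the application depends on, which is exactly the "buried deep within components" case a CBOM is meant to surface.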