Three weeks ago I reported on the first part of the S4x23 SBOM Challenge run by Idaho National Laboratory (INL), which focused on SBOM Creation. Last week I reported on the second part: SBOM Ingestion. Today’s blog post reports on the final goal of the S4x23 SBOM Challenge, where the participants were provided with INL-generated VEX documents for each target and asked to ingest them.

Two weeks ago I reported on the first part of the SBOM Challenge at the S4x23 cybersecurity conference in Miami, Florida. The Day 1 goal was for each team to create an accurate SBOM for three target artifacts and then identify known vulnerabilities in the components in each SBOM. Today’s blog reports on Day 2 of the S4x23 SBOM Challenge, where Idaho National Laboratory (INL) provided INL-generated SBOMs for each artifact for the participants to...

NOTE: We were going to publish our second blog of the S4x23 SBOM Challenge today. However, the new National Cybersecurity Strategy was released this morning, and we thought that dissecting it for our readers took priority. We’ll go back to the S4x23 SBOM Challenge discussion next week.

There is a lot to unpack and there is even more to read between lines in the Biden Administration's new National Cybersecurity Strategy. Let me lay out the three...