Author: Derek Kruszewski

S4x23 SBOM Challenge — Part 3: VEX Document Ingestion

Three weeks ago I reported on the first part of the S4x23 SBOM Challenge run by Idaho National Laboratory (INL), which focused on SBOM Creation. Last week I reported on the second part: SBOM Ingestion. Today’s blog post reports on the final goal of the S4x23 SBOM Challenge, where the participants were provided with INL-generated VEX documents for each target and asked to ingest them.

Read More

S4x23 SBOM Challenge — Part 2: SBOM Ingestion

Two weeks ago I reported on the first part of the SBOM Challenge at the S4x23 cybersecurity conference in Miami, Florida. The Day 1 goal was for each team to create an accurate SBOM for three target artifacts and then identify known vulnerabilities in the components in each SBOM. Today’s blog reports on Day 2 of the S4x23 SBOM Challenge, where Idaho National Laboratory (INL) provided INL-generated SBOMs for each artifact for the participants to...

Read More

S4x23 SBOM Challenge — Part 1

The aDolus Team has just returned from participating in the SBOM Challenge at the S4x23 cybersecurity conference in Miami, Florida. This blog is the first of a series reporting on what we did during the challenge and what we learned from the process.

Read More

A Deeper Dive into VEX Documents

 

At the end of last summer, I wrote a blog post explaining the merits of Vulnerability Exploitability eXchange (VEX) documents. Almost 8 months later, I stand by the importance of these documents when it comes to efficient management of vulnerabilities. With our CTO, Eric Byres presenting on this very topic at S4x22, it seems like a good time to come back to VEX documents and dig into what they actually look like.

Read More

What is VEX and What Does it Have to Do with SBOMs?

 

Recently, we have been fielding many inquiries here at aDolus regarding “VEX.” If you are not familiar with this mysterious abbreviation, you’ve fortunately landed in the right place. This blog post explains what VEX is and the crucial role VEX plays within the Software Bill of Material (SBOM) space.

Read More

NTIA Publishes Minimum Components of an SBOM

In today’s blog post I’d like to recognize all the hard work done by NTIA (National Telecommunications and Information Administration) and congratulate them on publishing the minimum elements for a Software Bill of Materials… more commonly referred to as an SBOM. In particular, I’d like to give a shout-out to Allan Friedman who has been championing the SBOM cause for some time now. It’s good to see his committed effort captured in this comprehensive...

Read More
Content not found