Working group Secure supply chains/Open Source
[23-08-22]
About the group
Innovation depends on openness and cooperation, therefore the focus on open source in supply chains. Vulnerabilities such as Log4J and the escalation of cyber-attacks have sparked initiatives in both the US and Europe to improve security. The group will share knowledge and also analyze supply chain related topics on a global scale such as the EU Cyber Resilience Act (CRA) and OpenSSF.
Ongoing work
The https://bomresolver.io has been published by a member in Cybernode as open source. The resolver is an innovative solution that backtracks a software supply chain for the Alpine ecosystem. The https://nosad.se is a forum for Swedish authorities for sharing data and knowledge about open source. In addition to complete rebuild in isolation, the resolver is also capable of distributing revenues generated by providing compliance evidence. The goal is to have continuous and granular funding of open source projects in the software supply chain.
Security category for the group: not yet decided.
Language: English and Swedish (when possible).
Group leader: Hans Thorsen Lamm
Contact: hans@lammda.se
Participating companies/organizations: Lamm Consulting, Edvina AB, RISE, Linköping university, Redigo.
If you are interested in participating in the group, contact Hans Thorsen Lamm or Cybernode coordinator Martin Bergling.
This web page will be continuously updated with:
- Meeting presentations
- Meeting recordings
- Reference project(s) for SBOM
- SBOM related information
Meeting recordings and presentations (the newest at the top):
- 23-08-22: Group meeting
- Recorded presentation: youtu.be/y3CZFA58ybQ (English)
- Presentation: LINK
- 23-06-14: Group meeting, NOSAD & SBOM.
- Recorded presentation: youtu.be/GdR4rcB7R4s (English)
- Presentation (PDF): LINK
- 23-05-26: Recorded group meeting : https://youtu.be/KX-fRT5wnTw (Swedish)
- 23-05-11: Recorded group meeting : https://youtu.be/UpXK1M_iFOI (Swedish)
- 23-05-04: Webinar with Olle Johansson/Edvina , about CRA and new requirements on software: https://youtu.be/3Yq2cCPChNY (Swedish)
About our meetings:
- We will use English as standard language from now on (since some of the potential participants are English speaking, and since the group are addressing a global issue).
- The presentations at our meetings will be recorded (and published at our web page), but the following discussions will NOT be recorded.
About Hans Thorsen Lamm: Experience of products, services and ideas from previos assignments at Ericsson, Saab, T2Data, Assa Abloy, Silicon Graphics etc. Several patents related to information security. My contribution to this group is a SBOM related tool, presented at FossDEM 2022.