{"id":3427,"date":"2023-06-01T00:08:46","date_gmt":"2023-05-31T22:08:46","guid":{"rendered":"https:\/\/cybernode.se\/?page_id=3427"},"modified":"2023-08-23T15:24:45","modified_gmt":"2023-08-23T13:24:45","slug":"working-group-secure-supply-chains-open-source","status":"publish","type":"page","link":"https:\/\/cybernode.se\/working-group-secure-supply-chains-open-source\/","title":{"rendered":"Working group Secure supply chains\/Open Source"},"content":{"rendered":"\n<p><strong>[23-08-22]<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About the group<\/h2>\n\n\n\n<p>Innovation depends on openness and cooperation, therefore the focus on open source in supply chains. Vulnerabilities such as Log4J and the escalation of&nbsp;cyber-attacks&nbsp;have&nbsp;sparked initiatives in both&nbsp;the&nbsp;US and Europe to improve security. The group will share&nbsp;knowledge and also analyze&nbsp;supply chain related topics on a global scale such as&nbsp;the&nbsp;EU Cyber Resilience Act&nbsp;(CRA)&nbsp;and&nbsp;OpenSSF.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Ongoing work<\/h2>\n\n\n\n<p>The&nbsp;<a href=\"https:\/\/eur05.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fbomresolver.io%2F&amp;data=05%7C01%7Cmartin.bergling%40ri.se%7C0be4b0ec81754eaa035408db76eed6aa%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C638234540397054483%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=8k3ManDbst3LdB0jUSmJ%2FXXV2txpdZ3ZxLNAL1Z%2Bqu8%3D&amp;reserved=0\">https:\/\/bomresolver.io<\/a>&nbsp;has been published by a member in&nbsp;Cybernode&nbsp;as open source. The resolver is an&nbsp;innovative solution that backtracks a software supply chain for the Alpine ecosystem. 
The&nbsp;<a href=\"https:\/\/eur05.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fnosad.se%2F&amp;data=05%7C01%7Cmartin.bergling%40ri.se%7C0be4b0ec81754eaa035408db76eed6aa%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C638234540397210709%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=sDhbIhuOkM0R8UfcSrViAhXyOdpABD5NVozHK8%2BwnBU%3D&amp;reserved=0\">https:\/\/nosad.se<\/a>&nbsp;is&nbsp;a forum for Swedish authorities for sharing data and knowledge about open source. In&nbsp;addition&nbsp;to&nbsp;complete rebuild in isolation,&nbsp;the resolver&nbsp;is also capable of&nbsp;distributing&nbsp;revenues generated by providing compliance evidence. The goal is to have continuous and granular funding of open source projects in the software supply&nbsp;chain.<\/p>\n\n\n\n<p><strong>Security category for the group<\/strong>: not yet decided. <\/p>\n\n\n\n<p><strong>Language:<\/strong> English and Swedish (when possible).&nbsp;<\/p>\n\n\n\n<p><strong>Group leader:<\/strong>&nbsp;Hans Thorsen Lamm<\/p>\n\n\n\n<p><strong>Contact:&nbsp;<\/strong><a href=\"mailto:hans@lammda.se\">hans@lammda.se<\/a><\/p>\n\n\n\n<p><strong>Participating companies\/organizations:<\/strong>&nbsp; Lamm Consulting, Edvina AB, RISE, Link\u00f6ping university, Redigo.&nbsp;<\/p>\n\n\n\n<p>If you are interested in participating in the group, contact Hans Thorsen Lamm or Cybernode coordinator Martin Bergling.<\/p>\n\n\n\n<p><strong>This web page will be continuously updated with: <\/strong><\/p>\n\n\n\n<ul>\n<li>Meeting presentations<\/li>\n\n\n\n<li>Meeting recordings<\/li>\n\n\n\n<li>Reference project(s) for SBOM<\/li>\n\n\n\n<li>SBOM related information<\/li>\n<\/ul>\n\n\n\n<p><strong>Meeting recordings and presentations (the newest at the top):<\/strong><\/p>\n\n\n\n<ul>\n<li><strong>23-08-22<\/strong>: Group meeting\n<ul>\n<li>Recorded presentation: <a rel=\"noreferrer noopener\" href=\"https:\/\/youtu.be\/y3CZFA58ybQ\" 
target=\"_blank\">youtu.be\/y3CZFA58ybQ<\/a> (English)<\/li>\n\n\n\n<li>Presentation: <a href=\"https:\/\/cybernode.se\/app\/uploads\/2023\/08\/cybernode_2023_08_22.pdf\">LINK<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>23-06-14<\/strong>: Group meeting, NOSAD &amp; SBOM. \n<ul>\n<li>Recorded presentation: <a href=\"https:\/\/youtu.be\/GdR4rcB7R4s\">youtu.be\/GdR4rcB7R4s<\/a> (English)<\/li>\n\n\n\n<li>Presentation (PDF): <a href=\"https:\/\/cybernode.se\/app\/uploads\/2023\/06\/NOSAD-SBOM-cybernode_2023_06_14_public-1.pdf\">LINK<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>23-05-26<\/strong>: Recorded group meeting: <a href=\"https:\/\/youtu.be\/KX-fRT5wnTw\">https:\/\/youtu.be\/KX-fRT5wnTw<\/a> (Swedish)<\/li>\n\n\n\n<li><strong>23-05-11<\/strong>: Recorded group meeting: <a href=\"https:\/\/youtu.be\/UpXK1M_iFOI\">https:\/\/youtu.be\/UpXK1M_iFOI<\/a> (Swedish)<\/li>\n\n\n\n<li><strong>23-05-04<\/strong>: Webinar with Olle Johansson\/Edvina, about CRA and new requirements on software: <a href=\"https:\/\/youtu.be\/3Yq2cCPChNY\">https:\/\/youtu.be\/3Yq2cCPChNY<\/a> (Swedish)<\/li>\n<\/ul>\n\n\n\n<p><strong>About our meetings: <\/strong><\/p>\n\n\n\n<ol type=\"1\" start=\"1\">\n<li>We will use English as the standard language from now on (since some of the potential participants are English-speaking, and since the group is addressing a global issue).<\/li>\n\n\n\n<li>The presentations at our meetings will be recorded (and published on our web page), but the following discussions will NOT be recorded.<\/li>\n<\/ol>\n\n\n\n<p><strong>About Hans Thorsen Lamm:<\/strong> Experience of products, services and ideas from previous assignments at Ericsson, Saab, T2Data, Assa Abloy, Silicon Graphics etc.&nbsp; Several patents related to information security.&nbsp; My contribution to this group is an SBOM-related tool, presented at FOSDEM 2022.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[23-08-22] About the group Innovation depends on openness and cooperation, 
therefore the focus on open source in supply chains. Vulnerabilities such as Log4J and the escalation of&nbsp;cyber-attacks&nbsp;have&nbsp;sparked initiatives in both&nbsp;the&nbsp;US and Europe to improve security. The group will share&nbsp;knowledge and also analyze&nbsp;supply chain related topics on a global scale such as&nbsp;the&nbsp;EU Cyber Resilience Act&nbsp;(CRA)&nbsp;and&nbsp;OpenSSF.&nbsp; Ongoing &hellip; <a href=\"https:\/\/cybernode.se\/working-group-secure-supply-chains-open-source\/\">Continued<\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/cybernode.se\/wp-json\/wp\/v2\/pages\/3427"}],"collection":[{"href":"https:\/\/cybernode.se\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/cybernode.se\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/cybernode.se\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cybernode.se\/wp-json\/wp\/v2\/comments?post=3427"}],"version-history":[{"count":12,"href":"https:\/\/cybernode.se\/wp-json\/wp\/v2\/pages\/3427\/revisions"}],"predecessor-version":[{"id":3516,"href":"https:\/\/cybernode.se\/wp-json\/wp\/v2\/pages\/3427\/revisions\/3516"}],"wp:attachment":[{"href":"https:\/\/cybernode.se\/wp-json\/wp\/v2\/media?parent=3427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}