Versions Compared

Version Old Version 1 New Version 2
Changes made by

Paweł Pawlak

Paweł Pawlak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Jira No
SummaryDescriptionStatusSolution






David Wheeler presnetation on SBOM and digital signatures

Operationalization of OpenSSF recommendations is not an easy topic...

David's slides: https://docs.google.com/presentation/d/1BptlMG8kV14FutTMx3s9u4EnIL1Yzxt6-NID5H5XfAE/edit#slide=id.g13d496f372e_0_110

https://openssf.org/oss-security-mobilization-plan/

  • Identifies 3 goals, 10 streams to address those goals

SBOM recommended to be part of build process.

Package managers are good first step. SPDX in SECCOM uses package manager.

Dan Lorenc wrote an interesting papaer on what is inside the container.




Next LFN events

ONE Summit NARegistration Open

  • CFP - Deadline: July 8th; 2022
  • Nov. 15 & 16 2022 Seattle, WA, USA
  • In Person

LFN Developer & Testing Forum NARegistration Open

  • Nov. 17 & 18 2022 Seattle, WA, USA
  • In Person
  • Securiung software supply chain by LFN - new topic to be proposed

Proposals to be submitted.







SECCOM MEETING CALL WILL BE HELD ON 26th OF July'22. 

logging implementation discussion continuation.





Recording: 

View file
name2022-07-26_SECCOM_week.mp4
height150


SECCOM presentation: