
News

Posted almost 2 years ago
This milestone sets the stage for CycloneDX Bill of Materials being available as a global xBOM (Bill of Materials) standard for use across multiple domains. CycloneDX is proud to be an OWASP Flagship standards project, and in a community development model with Ecma International’s TC54, underscoring its importance and impact in the industry.
Posted about 2 years ago
OWASP Foundation today announced the availability of CycloneDX v1.6. This significant release strengthens software supply chain security with the introduction of two innovative capabilities: Cryptographic Bill of Materials (CBOM) and CycloneDX Attestations (CDXA).
Posted over 2 years ago
The OWASP Foundation, the global non-profit organization dedicated to improving the security of software, is thrilled to announce its membership in Ecma International, a leading standards development organization.
Posted almost 3 years ago
CycloneDX v1.5 sets a new benchmark by incorporating Machine Learning transparency (ML-BOM), Formulation (MBOM), and enhanced support for Software Bill of Materials (SBOM) quality indicators, including evidence and lifecycles embracing both the Software Development Lifecycle (SDLC) and enterprise Software Asset Management (SAM).
Posted over 3 years ago
Today, OWASP and IBM announced IBM’s contribution of two open source projects, SBOM Utility and License Scanner, to CycloneDX, a flagship OWASP project and a leading Bill of Materials (BOM) standard. These projects promote the validation, content analysis and accuracy of software license information included within BOMs in support of increasing trust across open hardware and software supply chains.
Posted about 4 years ago
OWASP CycloneDX launched a BOM Exchange API aimed at solving a critical component necessary to operationalize software bill of materials (SBOM). The API standardizes how BOMs are published and retrieved independent of software ecosystem.
Posted over 4 years ago
CycloneDX adds the ability to communicate vulnerabilities and their exploitability for software defined in a bill of materials. This capability, known as Vulnerability Exploitability Exchange (VEX), works with SBOMs, forming a comprehensive view of possible risk. Together, the combination of SBOM and VEX can significantly reduce the efforts and costs associated with vulnerability management.
Posted almost 5 years ago
The OWASP CycloneDX project, creators of the leading Software Bill of Materials (SBOM) format, announced the immediate availability of the CycloneDX Learning Series. The series of short-form content provides an easy path to explore and learn the CycloneDX SBOM standard.
Posted about 5 years ago
The CycloneDX project, creators of the leading Software Bill of Materials (SBOM) format, announced they will be joining OWASP Foundation as a Flagship Project. This move will provide resources to the CycloneDX project while strengthening OWASP as the leading non-profit security organization providing tools, documentation, and standards.
Posted about 5 years ago
Continuing our risk-based approach to standards development, CycloneDX v1.3 includes several backward-compatible improvements including Compositions which describe the completeness of inventory and relationships, support for describing evidence of copyright statements and additional licenses, support for Protocol Buffers (protobuf) for highly efficient machine-to-machine transport, and support for Properties which is a name/value store allowing easy extensibility of the spec.