The Energy Collective Group
This group brings together the best thinkers on energy and climate. Join us for smart, insightful posts and conversations about where the energy industry is and where it is going.
Shared Link
SBOM Vulnerability Attestations – A CARFAX for SBOM’s
Show me the SBOM VDR, a concept that is similar to a "CARFAX" for Software Product SBOM's. The SBOM tells us the ingredients in a software product but the SBOM VDR tells of any known harmful effects (vulnerabilities) that may be present within those ingredients (software components), starting on day one, when the product is first released and is updated continuously over the product lifetime, just like a CARFAX.
Never trust software, always verify and report! (TM)
SBOM Vulnerability Attestations – A CARFAX for SBOM’s
An SBOM VDR is similar to a CARFAX report in that it provides a consumer with an attestation of known issues and their status, i.e. a CVE is not exploitable, before installation, for each component listed in an SBOM, on day one, when a product ships, and throughout the product lifetime. A sample SBOM VDR is available online.
Discussions
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network® is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.
Sign in to Participate