Re: [spdx] Completely new to this - link to SBOM data?

2023-08-28 Thread Ivana Atanasova via lists.spdx.org
Hi Mark,

You could also check the SBOM Know How <https://sbom-know-how.readthedocs.io/en/latest/> docs for information about 
specs, advisories, and tools classification.

Best,
Ivana

---
Ivana Atanasova
VMware Open Source Technology Center

From: spdx@lists.spdx.org on behalf of Surendra Pathak via lists.spdx.org
Date: Sunday, 27 August 2023, 1:23
To: spdx@lists.spdx.org 
Subject: Re: [spdx] Completely new to this - link to SBOM data?
 Hi Mark, I recommend checking out: https://github.com/awesomeSBOM/awesome-sbom 
. It is a compilation of an open source repository of tools, videos, and other 
resources and you can play with a number of those tools to get the feel.

Thanks
Surendra

On Thu, Aug 24, 2023 at 12:20 PM Ria Schalnat (HPE) <ria.schal...@hpe.com> wrote:
I’ve been doing this for a while but I wasn’t aware of this podcast and I LOVE 
them!  Great for multi-tasking!  Thanks for sharing this, Brian!

Best regards,


Ria Farrell Schalnat (she/her)

Open Source Program Office<https://opensource.corp.hpecorp.net/>


From: spdx@lists.spdx.org On Behalf Of Brian Fox
Sent: Thursday, August 24, 2023 9:01 AM
To: spdx@lists.spdx.org
Subject: Re: [spdx] Completely new to this - link to SBOM data?

Hi Mark, if you happen to be into podcasts, I highly recommend this one. I've 
been involved in SBOMs and related tech for longer than the term "SBOM" and I 
still find new information here. The early episodes do a fantastic job at 
covering a lot of the space from many angles. https://dabom.show/introduction/

On Thu, Aug 24, 2023 at 11:45 AM Mark P. Farrell via lists.spdx.org <usps@lists.spdx.org> wrote:
I'm very new to SBOM - understanding and this website - and arrived here after 
a redirect URL from Microsoft - Generating Software Bills of Materials (SBOMs) 
with SPDX at Microsoft - 
Engineering@Microsoft <https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/>.
Is there a link here to help me get up to speed - with the website, quick 
background, and where the SBOM data is located?


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#1754): https://lists.spdx.org/g/spdx/message/1754
Mute This Topic: https://lists.spdx.org/mt/100937778/21656
Group Owner: spdx+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




Re: [spdx] Completely new to this - link to SBOM data?

2023-08-26 Thread Surendra Pathak
 Hi Mark, I recommend checking out:
https://github.com/awesomeSBOM/awesome-sbom . It is a compilation of an
open source repository of tools, videos, and other resources and you can
play with a number of those tools to get the feel.

Thanks
Surendra

On Thu, Aug 24, 2023 at 12:20 PM Ria Schalnat (HPE) wrote:

> I’ve been doing this for a while but I wasn’t aware of this podcast and I
> LOVE them!  Great for multi-tasking!  Thanks for sharing this, Brian!
>
>
>
> Best regards,
>
>
>
>
>
> *Ria Farrell Schalnat* (she/her)
>
>
>
> Open Source Program Office <https://opensource.corp.hpecorp.net/>
>
>
>
> *From:* spdx@lists.spdx.org  *On Behalf Of *Brian Fox
> *Sent:* Thursday, August 24, 2023 9:01 AM
> *To:* spdx@lists.spdx.org
> *Subject:* Re: [spdx] Completely new to this - link to SBOM data?
>
>
>
> Hi Mark, if you happen to be into podcasts, I highly recommend this one.
> I've been involved in SBOMs and related tech for longer than the term
> "SBOM" and I still find new information here. The early episodes do a
> fantastic job at covering a lot of the space from many angles.
> https://dabom.show/introduction/
>
>
>
> On Thu, Aug 24, 2023 at 11:45 AM Mark P. Farrell via lists.spdx.org wrote:
>
> I'm very new to SBOM - understanding and this website - and arrived here
> after a redirect URL from Microsoft - Generating Software Bills of
> Materials (SBOMs) with SPDX at Microsoft - Engineering@Microsoft
> <https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/>.
> Is there a link here to help me get up to speed - with the website, quick
> background, and where the SBOM data is located?
>
> 
>
>


View/Reply Online (#1753): https://lists.spdx.org/g/spdx/message/1753




Re: [spdx] Completely new to this - link to SBOM data?

2023-08-24 Thread Ria Schalnat (HPE)
I’ve been doing this for a while but I wasn’t aware of this podcast and I LOVE 
them!  Great for multi-tasking!  Thanks for sharing this, Brian!

Best regards,


Ria Farrell Schalnat (she/her)

Open Source Program Office<https://opensource.corp.hpecorp.net/>


From: spdx@lists.spdx.org  On Behalf Of Brian Fox
Sent: Thursday, August 24, 2023 9:01 AM
To: spdx@lists.spdx.org
Subject: Re: [spdx] Completely new to this - link to SBOM data?

Hi Mark, if you happen to be into podcasts, I highly recommend this one. I've 
been involved in SBOMs and related tech for longer than the term "SBOM" and I 
still find new information here. The early episodes do a fantastic job at 
covering a lot of the space from many angles. 
https://dabom.show/introduction/

On Thu, Aug 24, 2023 at 11:45 AM Mark P. Farrell via lists.spdx.org <usps@lists.spdx.org> wrote:
I'm very new to SBOM - understanding and this website - and arrived here after 
a redirect URL from Microsoft - Generating Software Bills of Materials (SBOMs) 
with SPDX at Microsoft - 
Engineering@Microsoft <https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/>.
Is there a link here to help me get up to speed - with the website, quick 
background, and where the SBOM data is located?



View/Reply Online (#1752): https://lists.spdx.org/g/spdx/message/1752




Re: [spdx] Completely new to this - link to SBOM data?

2023-08-24 Thread Mark P. Farrell via lists.spdx.org
Thanks for sharing the info.  Greatly appreciate it.

Cordially, Mark P. Farrell, HQ Solutions Architect IV | 3055 Crescentville Rd, 
Rm 226 | Cincinnati, OH 45235-9998
Work ph: 513-733-7266; Cell: 513-260-2853

From: spdx@lists.spdx.org On Behalf Of Dick Brooks via lists.spdx.org
Sent: Thursday, August 24, 2023 12:30 PM
To: spdx@lists.spdx.org
Subject: [EXTERNAL] Re: [spdx] Completely new to this - link to SBOM data?


Mark,

You may want to reach out to the CISA ICT_SCRM Task Force for help. They have 
lots of materials available to help government entities with regard to SBOM, 
vulnerability management and implementation guidance.

https://www.cisa.gov/resources-tools/groups/ict-supply-chain-risk-management-task-force

Here is one useful document describing use cases involving SBOM - designed for 
SMBs but also appropriate for larger organizations:

https://www.cisa.gov/sites/default/files/2023-01/Securing-SMB-Supply-Chains_Resource-Handbook_508.pdf
Thanks,

Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership

Never trust software, always verify and report! (tm) <https://reliableenergyanalytics.com/products>
http://www.reliableenergyanalytics.com
Email: d...@reliableenergyanalytics.com
Tel: +1 978-696-1788


From: spdx@lists.spdx.org On Behalf Of Mark P. Farrell via lists.spdx.org
Sent: Thursday, August 10, 2023 3:53 PM
To: spdx@lists.spdx.org
Subject: [spdx] Completely new to this - link to SBOM data?

I'm very new to SBOM - understanding and this website - and arrived here after 
a redirect URL from Microsoft - Generating Software Bills of Materials (SBOMs) 
with SPDX at Microsoft - 
Engineering@Microsoft <https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/>.
Is there a link here to help me get up to speed - with the website, quick 
background, and where the SBOM data is located?



View/Reply Online (#1751): https://lists.spdx.org/g/spdx/message/1751




Re: [spdx] Completely new to this - link to SBOM data?

2023-08-24 Thread Dick Brooks
 

Mark,

You may want to reach out to the CISA ICT_SCRM Task Force for help. They have 
lots of materials available to help government entities with regard to SBOM, 
vulnerability management and implementation guidance.

https://www.cisa.gov/resources-tools/groups/ict-supply-chain-risk-management-task-force

Here is one useful document describing use cases involving SBOM – designed for 
SMBs but also appropriate for larger organizations:

https://www.cisa.gov/sites/default/files/2023-01/Securing-SMB-Supply-Chains_Resource-Handbook_508.pdf

Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership

Never trust software, always verify and report! ™ <https://reliableenergyanalytics.com/products>
http://www.reliableenergyanalytics.com
Email: d...@reliableenergyanalytics.com
Tel: +1 978-696-1788

 

 

From: spdx@lists.spdx.org On Behalf Of Mark P. Farrell via lists.spdx.org
Sent: Thursday, August 10, 2023 3:53 PM
To: spdx@lists.spdx.org
Subject: [spdx] Completely new to this - link to SBOM data?

 

I'm very new to SBOM - understanding and this website - and arrived here after 
a redirect URL from Microsoft - Generating Software Bills of Materials (SBOMs) 
with SPDX at Microsoft - Engineering@Microsoft
<https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/>.
Is there a link here to help me get up to speed - with the website, quick 
background, and where the SBOM data is located? 





View/Reply Online (#1750): https://lists.spdx.org/g/spdx/message/1750




Re: [spdx] Completely new to this - link to SBOM data?

2023-08-24 Thread Brian Fox
Hi Mark, if you happen to be into podcasts, I highly recommend this one.
I've been involved in SBOMs and related tech for longer than the term
"SBOM" and I still find new information here. The early episodes do a
fantastic job at covering a lot of the space from many angles.
https://dabom.show/introduction/

On Thu, Aug 24, 2023 at 11:45 AM Mark P. Farrell via lists.spdx.org wrote:

> I'm very new to SBOM - understanding and this website - and arrived here
> after a redirect URL from Microsoft - Generating Software Bills of
> Materials (SBOMs) with SPDX at Microsoft - Engineering@Microsoft.
> Is there a link here to help me get up to speed - with the website, quick
> background, and where the SBOM data is located?
> 
>
>


View/Reply Online (#1749): https://lists.spdx.org/g/spdx/message/1749




[spdx] Completely new to this - link to SBOM data?

2023-08-24 Thread Mark P. Farrell via lists.spdx.org
I'm very new to SBOM - understanding and this website - and arrived here after 
a redirect URL from Microsoft - Generating Software Bills of Materials (SBOMs) 
with SPDX at Microsoft - Engineering@Microsoft
(https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/).
Is there a link here to help me get up to speed - with the website, quick 
background, and where the SBOM data is located?


View/Reply Online (#1748): https://lists.spdx.org/g/spdx/message/1748