is this interesting or useful to anybody


Jeffrey Otterson
 

I did a project using SPDX SBOM for my Cybersecurity Masters practicum.  

https://github.com/jotterson/sbom-validator

The concept is to detect/prevent supply chain attacks ala SolarWinds.

"This project uses cryptographic hashes in a Software Bill Of Materials values to validate the integrity of files in a software package release."  There is a paper there, as well as code.

I'm wondering if I should push to get my changes to spdx tools-python merged. Is this useful to anybody (besides me!)

Thanks,

Jeff
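
The integrity check the project describes (hashes recorded in an SPDX SBOM compared against the files actually shipped), as an added worked example for this thread. This is not code from the sbom-validator repository or from spdx tools-python: it is a small hand-written reader for the SPDX 2.x tag-value `FileName:` / `FileChecksum:` lines, and the SBOM text and release tree it checks are constructed in a temporary directory so it runs offline. The three outcomes a validator has to distinguish are shown: a file whose digest matches, a file modified after the SBOM was produced, a listed file that is absent, plus a file present in the release but never listed.

```python
"""Verify release files against the checksums recorded in an SPDX tag-value SBOM.

Added example (not the sbom-validator project's code, not spdx tools-python).
Only FileName / FileChecksum lines are read; everything else is skipped.
"""
import hashlib
import os
import re
import tempfile

# SPDX 2.x tag-value lines this minimal reader understands.
_FILE_NAME = re.compile(r"^FileName:\s*(.+?)\s*$")
_FILE_CHECKSUM = re.compile(
    r"^FileChecksum:\s*(SHA1|SHA256|SHA512|MD5):\s*([0-9a-fA-F]+)\s*$")


def parse_file_checksums(sbom_text):
    """Return {file name: {algorithm: lowercase hex digest}} from tag-value text."""
    expected = {}
    current = None
    for line in sbom_text.splitlines():
        m = _FILE_NAME.match(line)
        if m:
            current = m.group(1)
            expected.setdefault(current, {})
            continue
        m = _FILE_CHECKSUM.match(line)
        if m and current is not None:
            expected[current][m.group(1)] = m.group(2).lower()
    return expected


def digest_file(path, algorithm):
    """Stream a file through hashlib so large release artifacts are not read whole."""
    h = hashlib.new(algorithm.lower())
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def validate_release(sbom_text, release_dir, algorithm="SHA256"):
    """Compare every file listed in the SBOM against the release tree.

    Returns (report, unlisted): report maps SBOM file name to
    "ok" | "mismatch" | "missing" | "no-checksum"; unlisted is the sorted list
    of files found on disk that the SBOM does not mention, since an SBOM that
    only answers "are the listed files intact?" would miss injected extras.
    """
    expected = parse_file_checksums(sbom_text)
    report = {}
    listed = set()
    for name, sums in expected.items():
        rel = name[2:] if name.startswith("./") else name
        listed.add(rel)
        path = os.path.join(release_dir, rel)
        if algorithm not in sums:
            report[name] = "no-checksum"
        elif not os.path.isfile(path):
            report[name] = "missing"
        elif digest_file(path, algorithm) == sums[algorithm]:
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    unlisted = []
    for dirpath, _, filenames in os.walk(release_dir):
        for fn in filenames:
            rel = os.path.relpath(os.path.join(dirpath, fn), release_dir)
            rel = rel.replace(os.sep, "/")
            if rel not in listed:
                unlisted.append("./" + rel)
    return report, sorted(unlisted)


def build_demo_release():
    """Construct a tiny release tree and a matching SBOM (constructed sample data)."""
    release_dir = tempfile.mkdtemp(prefix="sbom-demo-")
    files = {"good.txt": b"int main(void) { return 0; }\n",
             "tampered.txt": b"original contents\n"}
    for rel, data in files.items():
        with open(os.path.join(release_dir, rel), "wb") as f:
            f.write(data)
    lines = ["SPDXVersion: SPDX-2.3", "DataLicense: CC0-1.0",
             "SPDXID: SPDXRef-DOCUMENT", "DocumentName: demo-release", ""]
    # "missing.txt" is recorded in the SBOM but never written to disk.
    for rel in list(files) + ["missing.txt"]:
        data = files.get(rel, b"never shipped\n")
        lines += [f"FileName: ./{rel}",
                  f"SPDXID: SPDXRef-File-{rel.replace('.', '-')}",
                  f"FileChecksum: SHA1: {hashlib.sha1(data).hexdigest()}",
                  f"FileChecksum: SHA256: {hashlib.sha256(data).hexdigest()}", ""]
    # Simulate a file changed after the SBOM was generated, and an unlisted extra.
    with open(os.path.join(release_dir, "tampered.txt"), "wb") as f:
        f.write(b"modified after build\n")
    with open(os.path.join(release_dir, "extra.bin"), "wb") as f:
        f.write(b"\x00\x01")
    return "\n".join(lines), release_dir


def demo():
    sbom_text, release_dir = build_demo_release()
    return validate_release(sbom_text, release_dir)


if __name__ == "__main__":
    report, unlisted = demo()
    for name, status in sorted(report.items()):
        print(f"{status:12} {name}")
    for name in unlisted:
        print(f"{'unlisted':12} {name}")
```

Run as a script it prints one status line per SBOM entry and one `unlisted` line for the extra file. The unlisted scan is the part worth keeping in any real validator: matching digests only proves that the listed files are what the SBOM says, and a release directory that contains files the SBOM never mentions should fail the check as well.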

 


Kate Stewart
 

Hi James,

On Wed, Jun 15, 2022 at 12:16 PM <jbotterson@...> wrote:

I did a project using SPDX SBOM for my Cybersecurity Masters practicum.  

https://github.com/jotterson/sbom-validator

The concept is to detect/prevent supply chain attacks ala SolarWinds.

"This project uses cryptographic hashes in a Software Bill Of Materials values to validate the integrity of files in a software package release."  There is a paper there, as well as code.


Very cool!!   Thanks for reaching out and sharing this! 


I'm wondering if I should push to get my changes to spdx tools-python merged. Is this useful to anybody (besides me!)


Yes please.   Fixes to the tools-python are very welcome.
I've added Jeff to the thread, who is helping us with these tools as well.

Thanks,
Kate 


VM (Vicky) Brasseur
 

Hey there, Jeff! This is an interesting project (and paper). Thank you for sharing!

 

As far as the changes for the python tools, I recommend sending over a pull request and letting the team have a look to see whether it makes sense to add the changes to the project.

 

--V

 

-- 

VM (Vicky) Brasseur

Director, Senior Strategy Advisor

Open Source Program Office

Wipro Limited

Time Zone: Pacific/West Coast US

 

 

From: <Spdx-outreach@...> on behalf of "jbotterson via lists.spdx.org" <jbotterson=gmail.com@...>
Reply to: "jbotterson@..." <jbotterson@...>
Date: Thursday, June 16, 2022 at 06:35
To: "Spdx-outreach@..." <Spdx-outreach@...>
Subject: is this interesting or useful to anybody

 

 

I did a project using SPDX SBOM for my Cybersecurity Masters practicum.  

https://github.com/jotterson/sbom-validator

The concept is to detect/prevent supply chain attacks ala SolarWinds.

"This project uses cryptographic hashes in a Software Bill Of Materials values to validate the integrity of files in a software package release."  There is a paper there, as well as code.

I'm wondering if I should push to get my changes to spdx tools-python merged. Is this useful to anybody (besides me!)

Thanks,

Jeff

 
