Reminder: Thursday SPDX General Meeting and Special Presentation


Phil Odence
 

SBOMs in the Windows supply chain, an SPDX success story - Joe Bussell, Microsoft

 

Abstract: Joe will discuss the implementation of validation of SBOMs representing software packages in the Windows software supply chain. Each stage of the Windows pipeline generates a signed SBOM, providing a comprehensive view of the package and ensuring trust in the supply chain. Downstream consumers validate the COSE signature and check that the content hashes contained in the SPDX SBOM match the hashes of the files in the package, to ensure the integrity of the package.

 

Joe: I'm a technology enthusiast who is passionate about making a positive impact on people's lives. I currently lead a team of engineers in the Windows Engineering System at Microsoft, where we focus on developing secure, reliable, and efficient tools for building a variety of products. I have a diverse technology background, including writing the atlas classes used in the US Air Force's Advanced Computer Flight Planner (ACFP) and developing a wall-mounted fiber-optic spectrometer for water quality assurance. Outside of work, I enjoy gardening, camping, reading, and playing tabletop games like Dungeons & Dragons. I also teach cybersecurity as part of TEALS. Fun fact: I've explored hydrothermal vents in the Southern Ocean a stone's throw from Antarctica on the USCG Polar Star.

 

Meeting Time: Thurs, April 6, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the meeting:
https://meet.jit.si/SPDXGeneralMeeting

To join by phone instead, tap this: +1.512.647.1431,,1310118349#

Looking for a different dial-in number?
See meeting dial-in numbers: 
https://meet.jit.si/static/dialInInfo.html?room=SPDXGeneralMeeting


If also dialing-in through a room phone, join without connecting to audio: 
https://meet.jit.si/SPDXGeneralMeeting#config.startSilent=true

 

Etherpad for minutes:

https://spdx.swinslow.net/p/spdx-general-minutes

 

Administrative Agenda

Attendance

Minutes Approval: https://github.com/spdx/meetings/blob/main/general/2023-03-02.md

  

Special Presentation - Joe

 

Steering Committee Update - Phil

 

Technical Team Report – Kate/Gary/Others

  • Specification and Profiles
    • Overview
    • Core
    • Legal
    • Integrity
    • Defects
    • Usage and Other Emerging
  • Tooling

 

Legal Team Report – Jilayne/Paul/Steve

 

Outreach/Website Team Report – Jack/Sebastian/Alexios

 


Sam Ellis
 

Is the meeting running? Several people in the meeting below with no activity…

 

 



Joe Bussell
 

I am sorry that the tech did not serve us well today. I also have reports of people from Microsoft who joined an empty meeting. There were 20 attendees this morning who did listen to my talk. I believe that it was recorded.

 

I have attached my slides to this email.

--

Joe Bussell

Windows Engineering System | Tool Benders

 

🙋‍♂ My pronouns are he/him (why this matters)


Timezone: (GMT-8) US Pacific

 

N.B.: I may send mail during times when others are not working. I do not expect engagement from you when you are not working.

 

 



Phil Odence
 

Joe, Thanks so much for doing this and sharing the slides. Inspiring!

 
