I’m pleased to report that I’ll be working with FOSSA, Inc. to develop blog posts and white papers on particularly important topics having to do with SBOM and VEX. If you don’t know FOSSA, they’re the only developer-native open source management platform. They have the broadest license inventory and vulnerabilities database available. Most interesting to me, the platform can be used to create, import, export and manage SBOMs.
I’m even more pleased to report that my first post for FOSSA, “VEX Purpose and Use Cases”, went live on their blog yesterday. It’s intended to be an introduction to the VEX concept for individuals who have some knowledge of SBOMs and vulnerability management. It includes discussions of the primary VEX use case, the fields in a VEX document, and what I see to be the future of VEX.
I recommend that you take a look at it!
Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.