{"id":54303,"date":"2024-04-17T12:29:58","date_gmt":"2024-04-17T16:29:58","guid":{"rendered":"https:\/\/sdtimes.com\/?p=54303"},"modified":"2024-04-17T12:29:58","modified_gmt":"2024-04-17T16:29:58","slug":"openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms","status":"publish","type":"post","link":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/","title":{"rendered":"OpenSSF, CISA, and DHS collaborate on new open-source project for creating SBOMs"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">A number of security-focused groups have announced they are teaming up on a new open-source project to help secure software supply chains: <\/span><a href=\"https:\/\/github.com\/bom-squad\/protobom\"><span style=\"font-weight: 400;\">Protobom<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The project was created jointly by the Open Source Security Foundation (OpenSSF), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Homeland Security Science and Technology Directorate (DHS S&amp;T).\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Protobom allows companies to read software bill of materials (SBOM) data, create their own SBOMs, and translate SBOMs into different standard formats.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to OpenSSF, there are many SBOM formats and schemas out there, which can be challenging for companies. 
The goal of the new project is to provide a \u201cformat-neutral data layer on top of the standards that lets applications work seamlessly with any kind of SBOM.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">OpenSSF also explained that by integrating Protobom into applications that link SBOM and vulnerability information, organizations will be able to more quickly access the necessary patches and mitigations to keep their software supply chains safe.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cVulnerabilities in software are a key risk in cybersecurity, with known exploits being a primary path for bad actors to inflict a range of harms. By leveraging SBOMs as key elements of software security, we can mitigate the risk to the software supply chain and respond to new risks faster, and more efficiently,\u201d said Allan Friedman, senior advisor and strategist at CISA. \u201cProtobom is a step towards greater efficiency and interoperability by translating across the widely used formats so that tools and organizations can focus on what\u2019s important. It is a positive solution that helps shape a more transparent software-driven world.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Omkhar Arasaratnam, general manager of OpenSSF, added: &#8220;Protobom not only simplifies SBOM creation, but also empowers organizations to proactively manage the risk of their open source dependencies. The security of open source software requires partnership between the public sector, private sector and the community. The OpenSSF is proud to be a part of this mission.&#8221;<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A number of security-focused groups have announced they are teaming up on a new open-source project to help secure software supply chains: Protobom. 
The project was created jointly by the Open Source Security Foundation (OpenSSF), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Homeland Security Science and Technology Directorate (DHS S&amp;T).\u00a0 Protobom allows &hellip;<\/p>\n","protected":false},"author":752,"featured_media":54304,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"cybocfi_hide_featured_image":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[1],"tags":[7124,1858,102,16056,16931,15730,16101],"coauthors":[11687],"acf":[],"yoast_head_json":{"title":"OpenSSF, CISA, and DHS collaborate on new open-source project for creating SBOMs - SD Times","description":"Protobom allows companies to read software bill of materials (SBOM) data, create their own SBOMs, and translate SBOMs into different standard formats.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/","og_locale":"en_US","og_type":"article","og_title":"OpenSSF, CISA, and DHS collaborate on new open-source project for creating SBOMs - SD Times","og_description":"Protobom allows companies to read software bill of materials (SBOM) data, create their own SBOMs, and translate SBOMs into different standard formats.","og_url":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/","og_site_name":"SD Times","article_publisher":"https:\/\/www.facebook.com\/SDTimesD2","article_published_time":"2024-04-17T16:29:58+00:00","og_image":[{"width":1280,"height":668,"url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/04\/chain-2364831_1280.jpg","type":"image\/jpeg"}],"author":"Jenna Barron","twitter_card":"summary_large_image","twitter_creator":"@sdtimes","twitter_site":"@sdtimes","twitter_misc":{"Written by":"Jenna Barron","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/#article","isPartOf":{"@id":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/"},"author":{"name":"Jenna Barron","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786"},"headline":"OpenSSF, CISA, and DHS collaborate on new open-source project for creating SBOMs","datePublished":"2024-04-17T16:29:58+00:00","dateModified":"2024-04-17T16:29:58+00:00","mainEntityOfPage":{"@id":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/"},"wordCount":327,"publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"image":{"@id":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/04\/chain-2364831_1280.jpg","keywords":["CISA","DHS","open source","OpenSSF","protobom","SBOM","Supply Chain Security"],"articleSection":["Latest News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/","url":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/","name":"OpenSSF, CISA, and DHS collaborate on new open-source project for creating SBOMs - SD 
Times","isPartOf":{"@id":"https:\/\/sdtimes.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/#primaryimage"},"image":{"@id":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/04\/chain-2364831_1280.jpg","datePublished":"2024-04-17T16:29:58+00:00","dateModified":"2024-04-17T16:29:58+00:00","description":"Protobom allows companies to read software bill of materials (SBOM) data, create their own SBOMs, and translate SBOMs into different standard formats.","breadcrumb":{"@id":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/#primaryimage","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/04\/chain-2364831_1280.jpg","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/04\/chain-2364831_1280.jpg","width":1280,"height":668},{"@type":"BreadcrumbList","@id":"https:\/\/sdtimes.com\/security\/openssf-cisa-and-dhs-collaborate-on-new-open-source-project-for-creating-sboms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sdtimes.com\/"},{"@type":"ListItem","position":2,"name":"OpenSSF, CISA, and DHS collaborate on new open-source project for creating SBOMs"}]},{"@type":"WebSite","@id":"https:\/\/sdtimes.com\/#website","url":"https:\/\/sdtimes.com\/","name":"SD Times","description":"Software Development 
News","publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sdtimes.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sdtimes.com\/#organization","name":"SD Times","url":"https:\/\/sdtimes.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","width":225,"height":90,"caption":"SD Times"},"image":{"@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SDTimesD2","https:\/\/x.com\/sdtimes","https:\/\/www.linkedin.com\/company\/sdtimes\/"]},{"@type":"Person","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786","name":"Jenna Barron","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/image\/b4be3423b187642936e62f121111345e","url":"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g","caption":"Jenna Barron"},"description":"Jenna Barron is News Editor of SD 
Times.","url":"https:\/\/sdtimes.com\/author\/jennifer-sargent\/"}]}},"_links":{"self":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/54303"}],"collection":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/users\/752"}],"replies":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/comments?post=54303"}],"version-history":[{"count":1,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/54303\/revisions"}],"predecessor-version":[{"id":54305,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/54303\/revisions\/54305"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media\/54304"}],"wp:attachment":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media?parent=54303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/categories?post=54303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/tags?post=54303"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/coauthors?post=54303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}