Subscribe with RSS to keep up with the latest from the OWASP SBOM community.

IBM contributes two open source projects, SBOM Utility and License Scanner, to CycloneDX
01 March 2023 – Wakefield, MA – Today, OWASP and IBM announced IBM’s contribution of two open source projects, SBOM Utility and License Scanner, to CycloneDX, a flagship OWASP project and a leading Bill of Materials (BOM) standard. These projects promote the validation, content analysis and accuracy of software license information included within BOMs in support of increasing trust across open hardware and software supply chains.
Launches reference implementation incorporated into the CycloneDX BOM Repository Server
12 May 2022 – Wakefield, MA – OWASP CycloneDX launched a BOM Exchange API aimed at solving a critical component necessary to operationalize software bill of materials (SBOM). The API standardizes how BOMs are published and retrieved independent of software ecosystem.
Adds support for Vulnerability Exploitability Exchange (VEX), release notes, and improved support for hardware devices
12 January 2022 – Wakefield, MA – CycloneDX adds the ability to communicate vulnerabilities and their exploitability for software defined in a bill of materials. This capability, known as Vulnerability Exploitability Exchange (VEX), works with SBOMs, forming a comprehensive view of possible risk. Together, the combination of SBOM and VEX can significantly reduce the efforts and costs associated with vulnerability management
Subscribe to the CycloneDX YouTube channel for foundational content to accelerate SBOM adoption
16 August 2021 – Bel Air, MD – The OWASP CycloneDX project, creators of the leading Software Bill of Materials (SBOM) format, announced the immediate availability of the CycloneDX Learning Series. The series of short-form content provides an easy path to explore and learn the CycloneDX SBOM standard.
The CycloneDX project, with origins in the OWASP community, formally joins OWASP as a flagship standards project
11 June 2021 – Bel Air, MD – The CycloneDX project, creators of the leading Software Bill of Materials (SBOM) format, announced they will be joining OWASP Foundation as a Flagship Project. This move will provide resources to the CycloneDX project while strengthening OWASP as the leading non-profit security organization providing tools, documentation, and standards.
Adds enhanced support for known unknowns, copyright and license evidence, protocol buffers, and extensibility improvements
04 May 2021 – Continuing our risk-based approach to standards development, CycloneDX v1.3 includes several backward-compatible improvements including Compositions which describe the completeness of inventory and relationships, support for describing evidence of copyright statements and additional licenses, support for Protocol Buffers (protobuf) for highly efficient machine-to-machine transport, and support for Properties which is a name/value store allowing easy extensibility of the spec.

CycloneDX Supporters

Contrast Security
Fortress Information Security
Lockheed Martin