CycloneDX’s Working Groups drive innovation and ensure the continuous evolution of the specification. Whether you're interested in shaping new features, collaborating on industry-wide standards, or refining the core elements of CycloneDX, there's a Working Group for you.
Feature Working Groups (FWGs) are created to explore and develop large new features proposed for CycloneDX. Each FWG is responsible for delivering detailed proposals to the CycloneDX Core Working Group, following the CycloneDX and Ecma International Community Standardization Process. Currently, five FWGs are active:
The Blueprints feature working group introduces Architectural Bill of Materials (ABOM) and Bill of Behaviors (BOB) to provide deep insights into a system's architecture and behavior. This feature aims to improve defense strategies by detailing expected vs. actual behavior, supporting use cases from threat modeling to compliance, and empowering defenders with a proactive view into software and system transparency.
The TM-BOM feature working group aims to enhance CycloneDX by incorporating threat modeling concepts such as threats, weaknesses, and controls. By standardizing threat modeling data formats and improving interoperability across tools, TM-BOM allows organizations to assess and manage risks more comprehensively, supporting security across M&A, vendor management, and regulatory compliance.
The Cryptography (CBOM) feature working group refines the existing CycloneDX cryptographic standard to enhance risk management and compliance. CBOM enables visibility into cryptographic assets, supporting quantum-safe transitions, policy adherence, and certification tracking, thus promoting proactive cryptographic resilience across diverse software systems.
The OSS Sustainability feature working group improves communication between open-source project maintainers and users, supporting project sustainability. By defining states, needs, and support intentions, it enables maintainers to signal critical updates like funding needs, project handoff, or abandonment, giving users reliable insights for decisions.
The Patents feature working group focuses on integrating patent tracking within CycloneDX to enhance IP risk management and compliance. By centralizing patent data, organizations can detect conflicts, streamline licensing, and leverage IP assets more strategically, supporting smoother due diligence in M&A and fostering opportunities for innovation and collaboration.
Our Core Collaboration Groups drive the foundational work of CycloneDX, shaping the standards, maintaining high-quality implementations, and engaging with industry leaders to address critical needs of the software supply chain. While participation in these groups is more focused, they collaborate closely with the wider CycloneDX community, ensuring that every advancement reflects the shared mission of transparency, security, and innovation.
The Core Working Group (CWG) leads CycloneDX's vision and development, stewarding the specification and all official implementations. As OWASP project leaders, its members ensure CycloneDX remains a pioneering force for the software supply chain.
The CycloneDX Maintainers are dedicated to upholding the quality and functionality of CycloneDX libraries and implementations. Their expertise keeps CycloneDX tools robust, accessible, and aligned with industry needs.
The IWG brings together diverse CycloneDX adopters and vendors to provide valuable insights and early feedback on emerging concepts. This collaborative group strengthens the CWG’s understanding of market needs and challenges, shaping CycloneDX’s relevance and impact.